To proceed with this tutorial, you will need the following:<\/p>\n<\/p>\n
Check out our introductory articles in this Ansible beginner’s tutorial<\/a>, where we explain how to configure the necessary prerequisites.<\/p>\n Ansible Vault uses symmetric encryption to protect data. To create a new encrypted file, use the ansible-vault create<\/em> command followed by the name of your new file:<\/p>\n <\/pre>\n<\/p>\n You will be prompted to enter a password. This password will be used to encrypt the file.<\/p>\n<\/p>\n Confirm New Vault password:<\/p> <\/pre>\n<\/p>\n After entering the password, you will be taken to an editor where you can enter your sensitive data:<\/p>\n<\/p>\n <\/pre>\n<\/p>\n Save and close the file. Your data is now encrypted. You can view the encrypted data using this command:<\/p>\n<\/p>\n Displaying encrypted data<\/a><\/p>\n To view the contents of an encrypted file named secrets.yml<\/em> using Ansible Vault, you can use the ansible-vault view<\/em> command.<\/p>\n<\/p>\n <\/pre>\n<\/p>\n After running this command, Ansible Vault will prompt you to enter the vault password. Once you provide the correct password, it will decrypt and display the contents of the secrets.yml<\/em> file in your terminal.<\/p>\n<\/p>\n Displaying decrypted data<\/a><\/p>\n If you want to edit an encrypted file, you can use the ansible-vault edit<\/em> command:<\/p>\n<\/p>\n <\/pre>\n<\/p>\n You will be prompted to enter your password when creating the file.<\/p>\n<\/p>\n Vault password:<\/p>\n<\/p>\n After entering the password, you can view and edit your sensitive data.<\/p>\n<\/p>\n db_password: mysecretpassword<\/p>\n<\/p>\n When you save the file, Ansible Vault will encrypt it again.<\/p>\n<\/p>\n If you want to store the file in plaintext, you can use the ansible-vault decrypt<\/em> command:<\/p>\n<\/p>\n <\/pre>\n<\/p>\n You will be asked to enter your vault password to decrypt the file.<\/p>\n<\/p>\n Decryption successful<\/p> <\/pre>\n The cat command allows you to view the decrypted file.<\/p>\n <\/pre>\n Output.<\/p>\n<\/p>\n Rotating your vault passwords periodically is a wise move to boost security. You can conveniently re-encrypt existing files with a new password using Ansible Vault.<\/p>\n<\/p>\n If you need to rekey an encrypted file named secrets.yml<\/em>, you can use the ansible-vault rekey<\/em> command:<\/p>\n<\/p>\n After you provide the correct password, Ansible Vault will ask for the new vault password. After confirming the new password, Ansible Vault will re-encrypt the file with the new password.<\/p>\n<\/p>\nEncrypting data with Ansible Vault<\/h2>\n
ansible-vault create secrets.yml<\/p>
New Vault password: <\/p>
db_password: mysecretpassword<\/p>
cat secrets.yml<\/pre>\n<\/p>\n
Viewing encrypted data<\/h2>\n<\/p>\n
ansible-vault view secrets.yml<\/p>
Editing encrypted files<\/h2>\n<\/p>\n
ansible-vault edit secrets.yml<\/p>
Decrypting encrypted files<\/h2>\n<\/p>\n
ansible-vault decrypt secrets.yml<\/p>
Vault password: <\/p>
cat secrets.yml<\/p>
Changing the vault password<\/h2>\n<\/p>\n
ansible-vault rekey secrets.yml<\/pre>\n<\/p>\n