From b77a47763530bfdaed00d552fe914a4d17f8cbd2 Mon Sep 17 00:00:00 2001 From: anonymous <> Date: Wed, 3 Jan 2024 11:15:16 -0500 Subject: [PATCH] create/update 'howto - Ansible vault encrypt-decrypt.md' file --- howto - Ansible vault encrypt-decrypt.md | 29 ++++++++++++++++++------ 1 file changed, 22 insertions(+), 7 deletions(-) diff --git a/howto - Ansible vault encrypt-decrypt.md b/howto - Ansible vault encrypt-decrypt.md index 9d9d658..cb89749 100644 --- a/howto - Ansible vault encrypt-decrypt.md +++ b/howto - Ansible vault encrypt-decrypt.md @@ -1,17 +1,32 @@ -# Ansible vault encrypt/decrypt +# Ansible vault encrypt-decrypt ## Encrypt -Echo passwords through `ansible-vault` into a file. Provide encryption password when prompted (can be different for each password) -```shell +Echo passwords through ansible-vault into a file (or files). Be sure to escape special characters (see below) or avoid them altogether. + +``` +" ' [ ] { } > | * & ! % # ` @ , +``` + +Provide encryption password when prompted (can be different for each password) + +```bash printf "%s" | ansible-vault encrypt_string --stdin-name= > .var.yml printf "%s" | ansible-vault encrypt_string --stdin-name= >> .var.yml -... ``` ## Decrypt -Retrieve a single decrytped password from password file. Provide encryption password when prompted. -```shell -ansible localhost -e '@.var.yml' --ask-vault-pass -m debug -a 'var=' +Retrieve a single decrytped password from yml file containing vaulted password. + +Prompt for encryption password. + +```bash +ansible localhost -e '@.yml' --ask-vault-pass -m debug -a 'var=' +``` + +Or include reference to vault password if you have it stored in a file + +```bash +ansible localhost -e '@.yml' --vault-password-file ~/pw.vault -m debug -a 'var=' ``` \ No newline at end of file
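Review bot: The added "Be sure to escape special characters (see below)" sentence in the Encrypt section lists the characters but never says how to escape them or at which layer (the shell or YAML), so the reader is left guessing. The secret is fed to ansible-vault through printf "%s", so state that wrapping the value in single quotes makes every listed character literal to the shell except a single quote itself. Also drop "or avoid them altogether", which nudges people toward weaker passwords. Typing the secret on the command line leaves it in shell history, so it is worth mentioning ansible-vault encrypt_string --prompt as an alternative. In the Decrypt section, the rewritten first line keeps the "decrytped" typo. The examples there now read '@.yml' while Encrypt still writes to .var.yml, so the two sections no longer refer to the same file name. The --vault-password-file ~/pw.vault example should say the file must be readable by its owner only (chmod 600), and both debug commands print the plaintext secret to the terminal, which deserves a one-line mention.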