create/update 'howto - Ansible vault encrypt-decrypt.md' file

howto - Ansible vault encrypt-decrypt.md

@@ -1,17 +1,32 @@
-# Ansible vault encrypt/decrypt
+# Ansible vault encrypt-decrypt
 
 ## Encrypt
-Echo passwords through `ansible-vault` into a file.  Provide encryption password when prompted (can be different for each password)
 
-```shell
+Echo passwords through ansible-vault into a file (or files). Be sure to escape special characters (see below) or avoid them altogether.
+
+```
+" ' [ ] { } > | * & ! % # ` @ ,
+```
+
+Provide encryption password when prompted (can be different for each password)
+
+```bash
 printf "%s" <password1> | ansible-vault encrypt_string --stdin-name=<password-name1> > <password-file>.var.yml
 printf "%s" <password2> | ansible-vault encrypt_string --stdin-name=<password-name2> >> <password-file>.var.yml
-...
 ```
 
 ## Decrypt
-Retrieve a single decrytped password from password file.  Provide encryption password when prompted.
 
-```shell
+Retrieve a single decrytped password from yml file containing vaulted password.
-ansible localhost -e '@<password-file>.var.yml' --ask-vault-pass -m debug -a 'var=<password-name>'
+
+Prompt for encryption password.
+
+```bash
+ansible localhost -e '@<yaml file containing password>.yml' --ask-vault-pass -m debug -a 'var=<password-name>'
+```
+
+Or include reference to vault password if you have it stored in a file
+
+```bash
+ansible localhost -e '@<yaml file containing password>.yml' --vault-password-file ~/pw.vault -m debug -a 'var=<password-name>'
 ```