MarkdownNotes/howto - Ansible vault encrypt-decrypt.md

Ansible vault encrypt/decrypt

Encrypt

Echo passwords through ansible-vault into a file. Provide encryption password when prompted (can be different for each password)

printf "%s" <password1> | ansible-vault encrypt_string --stdin-name=<password-name1> > <password-file>.var.yml
printf "%s" <password2> | ansible-vault encrypt_string --stdin-name=<password-name2> >> <password-file>.var.yml
...

Decrypt

Retrieve a single decrytped password from password file. Provide encryption password when prompted.

ansible localhost -e '@<password-file>.var.yml' --ask-vault-pass -m debug -a 'var=<password-name>'