Documentation Reference Number: #0003
Ansible-Vault
I. How To Encrypt A File
Explanation
Encrypting an existing file using ansible-vault, which is also called "creating a new vault", is a straightforward process. Run the command shown in example 1.1, replacing file_1.txt with the name of the file you wish to encrypt.
You will be prompted on the command line to input a password for the vault two times. If the passwords you enter match then the contents of the file will be encrypted.
After encryption the contents of the file will not be readable without first entering the password. The permission bits of the file will also be altered to 600 (RW- --- ---).
Example 1.1
Encrypting the contents of file_1.txt.
john@comp:~$ ansible-vault encrypt file_1.txt
New Vault password:
Confirm New Vault password:
Encryption successful
john@comp:~$
II. How To Decrypt A File
Explanation
Decrypting a file will change the contents of the file from the encrypted ciphertext to the decrypted plaintext. After decryption, anyone with sufficient permissions will be able to view the contents of the file.
To decrypt a file, run the command in example 2.1, replacing 'file_1.txt' with the name of the file you wish to decrypt. You will be asked to enter a password on the command line. If you enter the correct password then the file will be decrypted.
If you would like to see the contents of an encrypted file but you do not want to decrypt it then read section IV "Viewing An Encrypted File".
Example 2.1
Decrypting a file called 'file_1.txt'.
john@comp:~$ ansible-vault decrypt file_1.txt
Vault password:
Decryption successful
john@comp:~$
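The script below is an added example, not part of the original page or of Ansible itself: it reports whether a file is in the encrypted state described in section I (vault header line, hex body, owner-only mode such as 600), which catches a file left decrypted after section II. The function names and sample files are constructed for illustration; the `$ANSIBLE_VAULT;1.x;AES256` first line is the envelope header ansible-vault writes to an encrypted file.

```shell
#!/bin/sh
# Added example: audit files that are supposed to be ansible-vault encrypted.

# vault_state FILE -> prints encrypted | plaintext | corrupt | loose-perms | missing
vault_state() {
    f=$1
    [ -f "$f" ] || { echo missing; return 0; }
    # A vault file starts with an envelope header line, e.g.
    # $ANSIBLE_VAULT;1.1;AES256 (format 1.2 appends a vault-id label).
    case $(head -n 1 "$f") in
        '$ANSIBLE_VAULT;1.'[12]';AES256'*) ;;
        *) echo plaintext; return 0 ;;
    esac
    # The rest of the file is hex text; an empty body or any other
    # character means the file was truncated or hand-edited.
    body=$(tail -n +2 "$f")
    if [ -z "$body" ] || printf '%s\n' "$body" | grep -q '[^0-9a-fA-F]'; then
        echo corrupt; return 0
    fi
    # GNU stat first (Debian, as on this page), BSD stat as a fallback.
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    case $mode in
        [0-7]00) echo encrypted ;;      # owner-only, e.g. 600
        *)       echo loose-perms ;;    # group/other bits are set
    esac
}

# vault_audit FILE... -> one line per file; status 1 if any is not "encrypted"
vault_audit() {
    rc=0
    for path in "$@"; do
        state=$(vault_state "$path")
        printf '%-12s %s\n' "$state" "$path"
        [ "$state" = encrypted ] || rc=1
    done
    return "$rc"
}

# make_samples DIR: constructed sample files (the hex is filler, not ciphertext)
make_samples() {
    printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '3061626364656630' > "$1/ok.txt"
    printf '%s\n' 'db_password: hunter2' > "$1/plain.txt"
    cp "$1/ok.txt" "$1/loose.txt"
    chmod 600 "$1/ok.txt" "$1/plain.txt"
    chmod 644 "$1/loose.txt"
}

# Audit any files named on the command line.
if [ "$#" -gt 0 ]; then vault_audit "$@"; fi
```

Run it with the files to check as arguments; the non-zero exit status makes it usable as a pre-commit or CI gate.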
III. How To Edit An Encrypted File
Explanation
This example demonstrates how to edit the contents of an encrypted file.
After you run this command you will be prompted to enter the decryption password on the command line. If you enter the password correctly then a CLI editor like vim will open up with the plaintext content of the encrypted file in it. You may then edit the contents of the file.
When you are finished editing the file, save your work and exit the editor. The file will be re-encrypted with your modifications.
Example 3.1
Editing the content of a file called 'file_1.txt'.
john@comp:~$ ansible-vault edit file_1.txt
Vault password:
john@comp:~$
IV. How To View An Encrypted File
Explanation
This example demonstrates how to view the contents of an encrypted file.
After you run this command and correctly input the decryption password, the decrypted plaintext contents of the file will be printed to the command line (STDOUT).
Example 4.1
Viewing the contents of an encrypted file called 'file_1.txt'.
john@comp:~$ ansible-vault view file_1.txt
Vault password:
This is the content of the encrypted file named 'file_1.txt'.
john@comp:~$
V. Ancillary Information
Related Programs
Name | Description |
---|---|
ansible | Execute one task on a set of hosts |
ansible-community | Display version information for ansible |
ansible-config | Display configuration information |
ansible-console | REPL console for executing ansible tasks |
ansible-doc | Documentation tool |
ansible-galaxy | Perform role and collection related operations |
ansible-inventory | Display information about remote hosts (inventory) |
ansible-playbook | Execute ansible playbooks |
ansible-pull | Retrieve playbooks from a repository |
External Links
Below is a link to the official ansible documentation.
Official Ansible Documentation
Bug Reports
If you discover a security related bug please send an email about it to the email address shown below.
If you discover a non-security related bug it should be reported on the official Ansible GitHub page after you have followed the instructions listed on the ansible "Reporting bugs and requesting features" page.
Reporting bugs and requesting features
The examples provided on this page were generated on 2024-JULY-20 using the Linux based operating system Debian 12.6, with ansible installed via the apt-get package manager.
Documentation Last Updated: 2024-OCTOBER-15 at 1535 PDT.