Adding the vault password file option to the Ansible configuration

With version 1.7, it's also possible to add the vault_password_file option to the ansible.cfg file in the defaults section.

Consider the following:

[defaults]
  vault_password_file = ~/.vault_pass

The preceding option gives you the freedom of not specifying the encryption password or the password file every time. Let's take a look at the following commands:

# launch ansible playbook run with encrypted data
# with vault_password_file option set in the config
$ ansible-playbook -i customhosts site.yml
$ ansible-vault encrypt roles/mysql/defaults/main.yml
Encryption successful
$ ansible-vault decrypt roles/mysql/defaults/main.yml
Decryption successful

Moreover, when starting with version ...

Get Ansible Playbook Essentials now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Ansible Playbook Essentials by Gourav Shah

Adding the vault password file option to the Ansible configuration

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly