About
How to encrypt a string property with ansible-vault
If you want to decrypt it back, see Ansible - Decrypt a property (password, private key)
Syntax
From a literal
- Inline string
ansible-vault encrypt_string [--prompt] [options] string_to_encrypt
From a file
- String from the content of a file
cat file | ansible-vault encrypt_string [--prompt] [options]
You can encrypt a private key this way for instance.
Example
With an executable password file and without label
- First create an executable file (passwordFile.sh here) that prints the Ansible vault passphrase
#!/usr/bin/env bash
echo myVaultPassword
ansible-vault encrypt_string --vault-id passwordFile.sh 'password'
# If you want to have the property name in the output, you can add it as parameter
# --name 'property_name'
property_name: !vault |
$ANSIBLE_VAULT;1.1;AES256
62386330373731643635353932343165306363336336373739316531366536323437396639313033
6139356564646365303132373830623737356535663434350a613861646230343430396462333465
38363831353565336537636633616438383230313237316133366631363932623632313236383262
3238363861363133380a303030653165613538633731353065623366613162656166366563636238
3533
Encryption successful
With an executable password file and with a vault label
#!/usr/bin/env bash
echo myVaultPassword
- With the label dev for instance (the --vault-id value has the form label@source)
ansible-vault encrypt_string --vault-id dev@passwordFile.sh 'foobar' --name 'the_secret'
- In the header line of the value, we can see the dev label coming back.
the_secret: !vault |
$ANSIBLE_VAULT;1.2;AES256;dev
32623539663635343531646264366163303738326632613535376633653865643333353536623832
6136313230363737316465623963326237653063336666310a356137333139323130393933373537
61623432663236313137303561333830396566613030383431666662326632653333323730316638
6661353435323536650a376662313430646634643763653766616565326661303438653233656366
3461
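The header line is the only part of the value that can be read without the passphrase. The following Python code is an added example, not part of the original page: it reads the labelled output above and reports the header fields and payload sizes, so you can check which vault ID a secret was encrypted under without decrypting it. The function name parse_vault is hypothetical, and the salt/HMAC/ciphertext payload layout is an assumption taken from Ansible's AES256 vault format, not from this page.

```python
import binascii

# Labelled encrypt_string output copied from the example on this page.
SAMPLE = """\
the_secret: !vault |
  $ANSIBLE_VAULT;1.2;AES256;dev
  32623539663635343531646264366163303738326632613535376633653865643333353536623832
  6136313230363737316465623963326237653063336666310a356137333139323130393933373537
  61623432663236313137303561333830396566613030383431666662326632653333323730316638
  6661353435323536650a376662313430646634643763653766616565326661303438653233656366
  3461
"""


def parse_vault(text):
    """Describe a vault value (header fields, payload sizes) without decrypting it."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    # Skip a leading "name: !vault |" line when the YAML form is pasted in.
    start = next((i for i, ln in enumerate(lines)
                  if ln.startswith("$ANSIBLE_VAULT;")), None)
    if start is None:
        raise ValueError("no $ANSIBLE_VAULT header found")
    fields = lines[start].split(";")
    if len(fields) not in (3, 4):
        raise ValueError("unexpected header: %r" % lines[start])
    try:
        # Assumption (Ansible AES256 vault layout, not stated on the page):
        # the body is hex of "salt_hex\nhmac_hex\nciphertext_hex".
        outer = binascii.unhexlify("".join(lines[start + 1:]))
        salt, hmac, ciphertext = (binascii.unhexlify(p) for p in outer.split(b"\n"))
    except (binascii.Error, ValueError) as exc:
        raise ValueError("malformed vault payload: %s" % exc) from exc
    return {
        "version": fields[1],
        "cipher": fields[2],
        # The label is present only when a vault ID such as "dev" was used.
        "vault_id": fields[3] if len(fields) == 4 else None,
        "salt_len": len(salt),
        "hmac_len": len(hmac),
        "ciphertext_len": len(ciphertext),
    }


if __name__ == "__main__":
    print(parse_vault(SAMPLE))
```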