ansible-vault.cheat

% ansible-vault

# Create a new encrypted file using an optional password file
ansible-vault create --vault-password-file=<password_file> <vault_file_name>

# Encrypt an existing file using an optional password file
ansible-vault encrypt --vault-password-file=<vault_password_file> <vault_file_name>

# View the contents of an encrypted file
ansible-vault view --vault-password-file=<vault_password_file> <vault_file_name>

# Edit an encrypted file
ansible-vault edit --vault-password-file=<vault_password_file> <vault_file_name>

# Decrypt an encrypted file
ansible-vault decrypt --vault-password-file=<vault_password_file> <vault_file_name>

# Create a vault ID
ansible-vault create --vault-id <vault_id> <vault_file_name>

# Run a playbook with a vault ID
ansible-playbook <playbook_name>.yml --vault-id <vault_id>

# Edit an encrypted file using a vault ID
ansible-vault edit <vault_file_name> --vault-id <vault_id>

# Provide the vault password for a playbook
ansible-playbook <playbook_name>.yml --ask-vault-pass

# Provide the vault password file for a playbook
ansible-playbook <playbook_name>.yml --vault-password-file <vault_password_file_name>