ansible-vault man page on DragonFly
Printed from http://www.polarhome.com/service/man/?qf=ansible-vault&af=0&tf=2&of=DragonFly
ANSIBLE-VAULT(1) System administration commands ANSIBLE-VAULT(1)
NAME
ansible-vault - manage encrypted ansible vars files (YAML).
SYNOPSIS
ansible-vault [create|decrypt|edit|encrypt|rekey] [--help] [options]
file_name
DESCRIPTION
ansible-vault can encrypt any structured data file used by Ansible.
This can include group_vars/ or host_vars/ inventory variables,
variables loaded by include_vars or vars_files, or variable files
passed on the ansible-playbook command line with -e @file.yml or -e
@file.json. Role variables and defaults are also included!
Because Ansible tasks, handlers, and so on are also data, these can
also be encrypted with vault. If you’d like to not betray what
variables you are even using, you can go as far to keep an individual
task file entirely encrypted.
The password used with vault currently must be the same for all files
you wish to use together at the same time.
COMMON OPTIONS
The following options are available to all sub-commands:
--vault-password-file=FILE
A file containing the vault password to be used during the
encryption/decryption steps. Be sure to keep this file secured if
it is used. If the file is executable, it will be run and its
standard output will be used as the password.
--new-vault-password-file=FILE
A file containing the new vault password to be used when rekeying a
file. Be sure to keep this file secured if it is used. If the file
is executable, it will be run and its standard output will be used
as the password.
-h, --help
Show a help message related to the given sub-command.
If --valut-password-file is not supplied ansib-vault will automatically
prompt for passwords as required.
CREATE
$ ansible-vault create [options] FILE
The create sub-command is used to initialize a new encrypted file.
After providing a password, the tool will launch whatever editor you
have defined with $EDITOR, and defaults to vim. Once you are done with
the editor session, the file will be saved as encrypted data.
The default cipher is AES (which is shared-secret based).
EDIT
$ ansible-vault edit [options] FILE
The edit sub-command is used to modify a file which was previously
encrypted using ansible-vault.
This command will decrypt the file to a temporary file and allow you to
edit the file, saving it back when done and removing the temporary
file.
REKEY
$ ansible-vault rekey [options] FILE_1 [FILE_2, ..., FILE_N]
The rekey command is used to change the password on a vault-encrypted
files. This command can update multiple files at once.
ENCRYPT
$ ansible-vault encrypt [options] FILE_1 [FILE_2, ..., FILE_N]
The encrypt sub-command is used to encrypt pre-existing data files. As
with the rekey command, you can specify multiple files in one command.
The encrypt command accepts an --output FILENAME option to determine
where encrypted output is stored. With this option, input is read from
the (at most one) filename given on the command line; if no input file
is given, input is read from stdin. Either the input or the output file
may be given as - for stdin and stdout respectively. If neither input
nor output file is given, the command acts as a filter, reading
plaintext from stdin and writing it to stdout.
Thus any of the following invocations can be used:
$ ansible-vault encrypt
$ ansible-vault encrypt --output OUTFILE
$ ansible-vault encrypt INFILE --output OUTFILE
$ echo secret|ansible-vault encrypt --output OUTFILE
Reading from stdin and writing only encrypted output is a good way to
prevent sensitive data from ever hitting disk (either interactively or
from a script).
DECRYPT
$ ansible-vault decrypt [options] FILE_1 [FILE_2, ..., FILE_N]
The decrypt sub-command is used to remove all encryption from data
files. The files will be stored as plain-text YAML once again, so be
sure that you do not run this command on data files with active
passwords or other sensitive data. In most cases, users will want to
use the edit sub-command to modify the files securely.
As with encrypt, the decrypt subcommand also accepts the --output
FILENAME option to specify where plaintext output is stored, and
stdin/stdout is handled as described above.
AUTHOR
Ansible was originally written by Michael DeHaan. See the AUTHORS file
for a complete list of contributors.
COPYRIGHT
Copyright © 2014, Michael DeHaan
Ansible is released under the terms of the GPLv3 License.
SEE ALSO
ansible(1), ansible-pull(1), ansible-doc(1), ansible-playbook(1),
ansible-galaxy(1)
Extensive documentation is available in the documentation site:
http://docs.ansible.com. IRC and mailing list info can be found in file
CONTRIBUTING.md, available in: https://github.com/ansible/ansible
Ansible 2.0.0.2 01/14/2016 ANSIBLE-VAULT(1)
[top]
List of man pages available for DragonFly
Copyright (c) for man pages and the logo by the respective OS vendor.
For those who want to learn more, the polarhome community provides shell access and support.
[legal]
[privacy]
[GNU]
[policy]
[cookies]
[netiquette]
[sponsors]
[FAQ]
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
|
Vote for polarhome
|