Skip to content
Related Articles
Open in App
Not now

Related Articles

What is Ansible Vault?

Improve Article
Save Article
  • Last Updated : 22 Dec, 2022
Improve Article
Save Article

Pre-requisite: Ansible

Ansible is a configuration management, deployment, and orchestration tool. It is an open source and provides large productivity to a high amount of automation challenges. It is compatible with every operating system and the host server or cloud. Ansible is accessible to everyone; anyone can use this tool anytime. Ansible is lightweight and it is secure due to agentless capabilities. Ansible is a pushed-based tool.

Ansible Architecture



Ansible allows encrypting sensitive data such as keys, and passwords in encrypted files as per the requirement sensitive data convert into plaintext. When the user encrypts his sensitive file using the Ansible-Vault no one can see the data if someone tries to access the files it will show only the cyphertext. It is not in a human-readable format.

Working with Ansible Vault

Create a New Encrypted Playbook

Playbook: It is a YAML file where we write the code in YAML format to manage the configuration

# ansible-vault create playbook.yml
creating playbook


Now you can add your sensitive data or content and then save it with your unique key it will ask for the same key when you access the encrypted file. When you try to access the playbook first required to put key or password then you can access otherwise you only will be able to see the cypher text. It is not an easy task to convert cypher text into plain text. 

Access the YAML file without a password

# vi playbook.yaml
access file


Now you can see the text content visible in the cypher text

cypher text content


How to Decrypt the Encrypted Playbook

# ansible-vault decrypt playbook.yml
Decrypt the Encrypted Playbook


Decryption is Successful

Decrypt the Encrypted Playbook


Encrypt the Existing Playbook book

hello.yml file is an existing file 

# ansible-vault encrypt hello.yml
Encrypt the  Playbook


Encryption Successful

Encryption Successful


Change the key or Password for an Existing Encrypted Playbook

# ansible-vault rekey hello.yml

Change the key


Rekey Successful


Sometimes we want to change our password or keys for security purposes. Ansible vault allows us to change it n number of times.

My Personal Notes arrow_drop_up
Related Articles

Start Your Coding Journey Now!