Using a password file
Entering the password every time may not be ideal. Often at times you may also want to automate the process of launching Ansible playbook runs, in which case, an interactive way is not feasible. This can be avoided by storing the password in a file and providing the file to the Ansible playbook run. The password should be provided as a single line string in this file.
Let's create a password file and secure it with the correct permissions:
$ echo "password" > ~/.vault_pass (replace password with your own secret) $ chmod 600 ~/.vault_pass
Tip
When the vault password is stored as plain text, anyone who has access to this file can decrypt the data. Make sure the password file is secured with appropriate permissions, and is not added to version control. If you decide to version control it, use gpg or equivalent measures.
Now this file can be provided to the Ansible playbook, as follows:
$ ansible-playbook -i customhosts site.yml --vault-password-file ~/.vault_pass...
