Adding the vault password file option to the Ansible configuration
With version 1.7, it's also possible to add the vault_password_file option to the ansible.cfg file in the defaults section.
Consider the following:
[defaults]
vault_password_file = ~/.vault_pass
The preceding option gives you the freedom of not specifying the encryption password or the password file every time. Let's take a look at the following commands:
# launch ansible playbook run with encrypted data
# with vault_password_file option set in the config
$ ansible-playbook -i customhosts site.yml
$ ansible-vault encrypt roles/mysql/defaults/main.yml
Encryption successful
$ ansible-vault decrypt roles/mysql/defaults/main.yml
Decryption successful
Moreover, starting with version 1.7, a script can be provided in the vault_password_file option instead of storing a plain text password in the file. When using the script, ensure that:
- The execute bit is enabled on the script
- Calling this script outputs a password...
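
A pre-flight check for the two conditions above, added here as an example (not code from the book or from Ansible); the function names, return codes and the VAULT_PASS variable are assumptions. It goes one step beyond the list by also rejecting a password file or script that group or other users can access.

```shell
#!/bin/sh
# Added example: pre-flight check for the file named by vault_password_file.
# Function names and return codes are illustrative, not part of Ansible.

# check_vault_password_source PATH
#   0 = usable, 1 = missing, 2 = accessible by group/others,
#   3 = script failed or nothing was produced
check_vault_password_source() {
    src=$1
    case $src in */*) ;; *) src=./$src ;; esac   # avoid a PATH lookup
    [ -f "$src" ] || { echo "missing: $src" >&2; return 1; }

    # Characters 5-10 of `ls -l` are the group and other permission bits.
    go_bits=$(ls -ld "$src" | cut -c5-10)
    if [ "$go_bits" != "------" ]; then
        echo "too permissive ($go_bits): chmod 600 or 700 $src" >&2
        return 2
    fi

    if [ -x "$src" ]; then
        # Execute bit set: the file is run and its stdout is the password.
        # Only emptiness is tested, so the secret is never echoed or logged.
        out=$("$src" 2>/dev/null) || { echo "script failed: $src" >&2; return 3; }
    else
        # No execute bit: the file content itself is the password.
        out=$(cat "$src")
    fi
    [ -n "$out" ] || { echo "no password produced by $src" >&2; return 3; }
    return 0
}

# Constructed sample: a password script that reads the secret from an
# environment variable (VAULT_PASS is a hypothetical name).
make_sample_script() {
    cat > "$1" <<'EOF'
#!/bin/sh
[ -n "$VAULT_PASS" ] || exit 1
printf '%s\n' "$VAULT_PASS"
EOF
    chmod 700 "$1"
}
```

Run check_vault_password_source against the path set in ansible.cfg before a playbook run; a non-zero return means the password source is missing, overly exposed, or not producing a password.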