Apr 23, 2021 5 min read

RHCE Ansible Series #8: Encrypting Content With Ansible Vault

This is the eighth chapter of the RHCE Ansible EX 294 exam preparation series. In this tutorial, you'll learn about securing sensitive information with Ansible Vault. The chapter will be available to non-members after a week.

There are many situations where you would want to use sensitive information in Ansible. For instance, you may want to set a user’s password or transfer certificates or keys.

In this tutorial, you will learn to:

  • Use Ansible Vault to protect and deal with sensitive information.
  • Create, view, and edit vault encrypted files.
  • Decrypt vault encrypted files and change the password of a vault encrypted file.

Furthermore, you will learn how to use encrypted variables and files in your playbooks.

This is the 8th chapter of the RHCE Ansible tutorial series. The series teaches you Ansible with hands-on examples so that you learn by doing. If this is your first time here, you should refer to other chapters in this series.

Creating encrypted files

To create a new encrypted file, you can use the ansible-vault create command. To demonstrate, let’s create a new encrypted file named secret.txt:

[[email protected] plays]$ ansible-vault create secret.txt
New Vault password: 
Confirm New Vault password:

It will first prompt you for a vault password, which you will need whenever you want to open the file later. After you enter the password, it will open the file in your default editor, so you can go ahead and insert the following line:
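Whatever you type in the editor is written to disk only in encrypted form. As an added example (not code from the original tutorial), this Python check confirms that a file such as secret.txt has the layout ansible-vault writes: a `$ANSIBLE_VAULT;<version>;AES256` header followed by a hex envelope holding the salt, HMAC and ciphertext. The function names and the sample inputs are constructed for illustration.

```python
import binascii
import textwrap

def check_vault_file(text):
    """Return (ok, reason) for the text of a file that should be vault-encrypted."""
    lines = text.strip().splitlines()
    if not lines or not lines[0].startswith("$ANSIBLE_VAULT;"):
        return False, "no $ANSIBLE_VAULT header, content is plaintext"
    fields = lines[0].strip().split(";")
    # Format 1.1 has three header fields; 1.2 appends a vault ID label.
    if len(fields) not in (3, 4) or fields[1] not in ("1.1", "1.2"):
        return False, "unrecognised vault header"
    if fields[2] != "AES256":
        return False, "unexpected cipher name " + fields[2]
    body = "".join(line.strip() for line in lines[1:])
    try:
        # The body is hex of: hex(salt) \n hex(HMAC) \n hex(ciphertext).
        envelope = binascii.unhexlify(body)
        salt, mac, ciphertext = (binascii.unhexlify(p) for p in envelope.split(b"\n"))
    except ValueError:  # bad hex, or not exactly three parts
        return False, "payload is not a vault hex envelope"
    if len(salt) != 32 or len(mac) != 32 or not ciphertext:
        return False, "salt, HMAC or ciphertext has the wrong length"
    return True, "vault %s, %s, %d ciphertext bytes" % (fields[1], fields[2], len(ciphertext))

def build_sample():
    """Constructed file with the on-disk layout; its bytes are not real ciphertext."""
    parts = [bytes(range(32)), bytes(range(32, 64)), bytes(16)]
    inner = b"\n".join(binascii.hexlify(p) for p in parts)
    body = binascii.hexlify(inner).decode()
    return "$ANSIBLE_VAULT;1.1;AES256\n" + "\n".join(textwrap.wrap(body, 80)) + "\n"

if __name__ == "__main__":
    samples = {
        "encrypted (constructed)": build_sample(),
        "plaintext (constructed)": "db_password: example-only\n",
        "header only (constructed)": "$ANSIBLE_VAULT;1.1;AES256\nnot-hex\n",
    }
    for name, text in samples.items():
        print(name, "->", check_vault_file(text))
```

To check the real file, pass its contents, for example `check_vault_file(open("secret.txt").read())`. A check like this fits in a pre-commit hook so that a secrets file saved in plaintext is caught before it reaches the repository.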
