Encrypt Ansible Files With Ansible Vault

In this blog post, I will show you how to encrypt Ansible files using Ansible vault.

Ansible Vault

Vault is a built-in feature in Ansible that is already available with any installation without needing to modify the configuration.

Using vault, we can encrypt any YAML, JSON or variables Ansible is using during runtime or while the data is at rest.

By encrypting our files, we can protect valuable data that Ansible is using.


Let’s start and encrypt a playbook file (YAML) by using the following command.

Ansible-vault create securefile.yaml

After running the command, you will need to set up a password that you will need to use in case you would like to edit the file.

After typing the password, the vi editor will open it, and you can add content to it.

If I try to open the file, I will get the following output which means the file is encrypted.

Edit Encrypted File

To edit an encrypted file, we use the following command.

ansible-vault edit securefile.yaml

Run Encrypted Playbook

To run an encrypted playbook, we need to use the following command and switch.

ansible-playbook --ask-vault-pass secureplaybook.yaml

Encrypt an Existing Playbook

To encrypt an existing file, use the following command.

ansible-vault encrypt secureplaybook.yaml

Decrypt an encrypted file

And finally to overdone an encryption we need to run the following command.

ansible-vault decrypt secureplaybook.yaml

Success! You're on the list.