Ansible Vault cheat sheet
@showconfigEncrypts & decrypts values, data structures and files within Ansible projects.
# Create a new encrypted vault file with a prompt for a password: ansible-vault create vault_file # Create a new encrypted vault file using a vault key file to encrypt it: ansible-vault create --vault-password-file=password_file vault_file # Encrypt an existing file using an optional password file: ansible-vault encrypt --vault-password-file=password_file vault_file # Encrypt a string using Ansible's encrypted string format, displaying interactive prompts: ansible-vault encrypt_string # View an encrypted file, using a password file to decrypt: ansible-vault view --vault-password-file=password_file vault_file # Re-key already encrypted vault file with a new password file: ansible-vault rekey --vault-password-file=old_password_file --new-vault-password-file=new_password_file vault_file
P.S. Tricky way sometimes ;)
yq read main.yml database.password | ansible-vault decrypt