Ansible 创建加密文件到现有保管库

Question

I created an encrypted file with ansible vault like so:

ansible-vault create encrypted-example-file1

It seems that ansible creates a new vault here, because it asks for new Vault password from me. That is ok, I gave a password for the new Vault to be created. This all seems working fine, I give the password to get the file decrypted during playbook run.

Now I want to create another encrypted file, and I would like to store it to the same vault I created earlier, so that I wouldn't need a separate password for the second file. How to do that? I tried to repeat the command:

ansible-vault create encrypted-example-file2

But the problem is that it again asks new vault password , which indicates it wishes me to create yet another vault? I don't want to do that. So how can I apply the existing ansible vault for the new encrypted file? I tried reading the ansible docs but did not catch any guide on how to do it.

Answer 1

Ansible vaults works for file encryption or variable encryption. If you want to encrypt a different file then you have to provide password again to encrypt the file using ansible vault. You can use the same password for file1 and file2. While executing playbook ansible will decrypt both files using the same password.

It's also possible to edit the encrypted encrypted-example-file1 using ansible-vault edit command then add additional content of encrypted-example-file2 for encryption.

ansible-vault edit encrypted-example-file1

Here are more details.

Answer 2

You do not necessarily have to type the password every time you use ansible-vault .

ansible, ansible-playbook, and ansible-vault all have --vault-password-file=VAULT_PASSWORD_FILES parameter that you can use to specify a file in which you store the password.