Ansible - Encrypt a property (password, private key)

From a literal

• In line String

ansible-vault encrypt_string [--prompt] [options] string_to_encrypt

From a file

• String from a File content

cat file | ansible-vault encrypt_string [--prompt] [options] 

You can encrypt a private key this way for instance.

With a executable passwordFile and without label

• First create a file that will store the Ansible vault passphrase

#!/usr/bin/env bash
echo myVaultPassord

• Encrypt with a Vault Id which is here only a password and no label

ansible-vault encrypt_string --vault-id passwordFile.sh 'password' 
# If you want to have the property name in the output, you can add it as parameter
# --name 'property_name'

property_name: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          62386330373731643635353932343165306363336336373739316531366536323437396639313033
          6139356564646365303132373830623737356535663434350a613861646230343430396462333465
          38363831353565336537636633616438383230313237316133366631363932623632313236383262
          3238363861363133380a303030653165613538633731353065623366613162656166366563636238
          3533
Encryption successful

With a executable password file and with label

With a executable password file and with vault label

#!/usr/bin/env bash
echo myVaultPassword

• With the label dev for instance

ansible-vault encrypt_string --vault-id [email protected] 'foobar' --name 'the_secret'

• In the value, we can see the dev label coming back.

the_secret: !vault |
          $ANSIBLE_VAULT;1.2;AES256;dev
          32623539663635343531646264366163303738326632613535376633653865643333353536623832
          6136313230363737316465623963326237653063336666310a356137333139323130393933373537
          61623432663236313137303561333830396566613030383431666662326632653333323730316638
          6661353435323536650a376662313430646634643763653766616565326661303438653233656366
          3461