{"id":24754137,"url":"https://github.com/harobed/ansible-vault-tutorial","last_synced_at":"2026-04-16T18:05:26.389Z","repository":{"id":137219494,"uuid":"120664932","full_name":"harobed/ansible-vault-tutorial","owner":"harobed","description":"In this tutorial, I try to explain how to structure one Ansible environment with Ansible Vault support and store Ansible vault password with GnuPG.","archived":false,"fork":false,"pushed_at":"2018-02-08T10:58:29.000Z","size":6,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-01-28T11:46:01.056Z","etag":null,"topics":["ansible","ansible-vault","gnupg","tutorial"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/harobed.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-02-07T20:02:30.000Z","updated_at":"2021-02-23T00:32:56.000Z","dependencies_parsed_at":null,"dependency_job_id":"fadcf0f3-342a-4c60-840e-4f8b7e8eeed3","html_url":"https://github.com/harobed/ansible-vault-tutorial","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/harobed%2Fansible-vault-tutorial","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/harobed%2Fansible-vault-tutorial/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/harobed%2Fansible-vault-tutorial/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/harobed%2Fansible-vault-tutorial/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/harobed","download_url":"https://codeload.github.com/harobed/ansible-vault-tutorial/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245056906,"owners_count":20553856,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","ansible-vault","gnupg","tutorial"],"created_at":"2025-01-28T11:39:07.485Z","updated_at":"2025-10-14T22:09:57.989Z","avatar_url":"https://github.com/harobed.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Ansible Vault Tutorial\n\nIn this tutorial, I try to explain how to structure one Ansible environment with:\n\n* [Ansible Vault](http://docs.ansible.com/ansible/2.4/vault.html) support\n* master key is stored in [secret file](secrets/ansible-vault-password.txt.gpg) encrypted with [GPG](https://en.wikipedia.org/wiki/GNU_Privacy_Guard)\n* Many users support: master key can is encrypted with several GPG Keys\n\n## Prerequisite\n\n* [Ansible](https://en.wikipedia.org/wiki/Ansible_(software))\n\n```\n$ brew install ansible gnupg\n```\n\nOptional, for test only:\n\n* [Virtualbox](https://en.wikipedia.org/wiki/VirtualBox) and [vagrant](https://en.wikipedia.org/wiki/Vagrant_(software))\n\n```\n$ brew install python3\n$ brew cask install vagrant virtualbox\n$ pip3 install paramiko\n```\n\n\n## Create or edit secret file\n\nIf secret file not exist:\n\n```\n$ ansible-vault create hosts/group_vars/all/secrets.yml\n```\n\nor edit this file:\n\n```\n$ ansible-vault edit hosts/group_vars/all/secrets.yml\n```\n\nShow secret content:\n\n```\n$ ansible-vault view hosts/group_vars/all/secrets.yml\nmy_secret: password\n```\n\n\n## Execute demo\n\nStart vagrant server\n\n```\n$ vagrant up\n```\n\nTest if vagrant ping:\n\n```\n$ ansible -m ping all ✘ 2 master ◼\nserver | SUCCESS =\u003e {\n \"changed\": false,\n \"ping\": \"pong\"\n}\n```\n\nExecute test playbook which use [Ansible Vault](http://docs.ansible.com/ansible/2.4/vault.html)\n\n```\nansible-playbook playbooks/demo.yml \n\nPLAY [server] ******************************************************************\n\nTASK [Gathering Facts] *********************************************************\nok: [server]\n\nTASK [demo : Upload template file to /home/ubuntu/test1.txt] *******************\nok: [server]\n\nPLAY RECAP ********************************************************************\nserver : ok=2 changed=0 unreachable=0 failed=0\n```\n\nCheck secret content in `test1.txt` file:\n\n```\n$ vagrant ssh -c \"cat test1.txt\"\nvariable: password\n```\n\n## How Ansible Vault password is configured\n\nMaster key is stored in [secrets/ansible-vault-password.txt.gpg](secrets/ansible-vault-password.txt.gpg) file.\nRead [secrets/README.md](secrets/README.md) to know how to generate this file.\n\nDefault Vault password file is configured like this in [ansible.cfg](ansible.cfg)\n\n```\nvault_password_file = secrets/ansible-vault.sh\n```\n\nThe [secrets/ansible-vault.sh](secrets/ansible-vault.sh) file is a script which use gpg to decrypt master key:\n\n```\n#!/bin/bash\ngpg --decrypt --quiet --batch secrets/ansible-vault-password.txt.gpg\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fharobed%2Fansible-vault-tutorial","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fharobed%2Fansible-vault-tutorial","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fharobed%2Fansible-vault-tutorial/lists"}