OnWorks favicon

ansible-vault - Online in the Cloud

Run ansible-vault in OnWorks free hosting provider over Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator

This is the command ansible-vault that can be run in the OnWorks free hosting provider using one of our multiple free online workstations such as Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator



ansible-vault - manage encrypted ansible vars files (YAML).


ansible-vault [create|decrypt|edit|encrypt|rekey] [--help] [options] file_name


ansible-vault can encrypt any structured data file used by Ansible. This can include
group_vars/ or host_vars/ inventory variables, variables loaded by include_vars or
vars_files, or variable files passed on the ansible-playbook command line with -e
@file.yml or -e @file.json. Role variables and defaults are also included!

Because Ansible tasks, handlers, and so on are also data, these can also be encrypted with
vault. If you’d like to not betray what variables you are even using, you can go as far to
keep an individual task file entirely encrypted.

The password used with vault currently must be the same for all files you wish to use
together at the same time.


The following options are available to all sub-commands:

A file containing the vault password to be used during the encryption/decryption
steps. Be sure to keep this file secured if it is used. If the file is executable, it
will be run and its standard output will be used as the password.

A file containing the new vault password to be used when rekeying a file. Be sure to
keep this file secured if it is used. If the file is executable, it will be run and
its standard output will be used as the password.

-h, --help
Show a help message related to the given sub-command.

If --valut-password-file is not supplied ansib-vault will automatically prompt for
passwords as required.


$ ansible-vault create [options] FILE

The create sub-command is used to initialize a new encrypted file.

After providing a password, the tool will launch whatever editor you have defined with
$EDITOR, and defaults to vim. Once you are done with the editor session, the file will be
saved as encrypted data.

The default cipher is AES (which is shared-secret based).


$ ansible-vault edit [options] FILE

The edit sub-command is used to modify a file which was previously encrypted using

This command will decrypt the file to a temporary file and allow you to edit the file,
saving it back when done and removing the temporary file.


$ ansible-vault rekey [options] FILE_1 [FILE_2, ..., FILE_N]

The rekey command is used to change the password on a vault-encrypted files. This command
can update multiple files at once.


$ ansible-vault encrypt [options] FILE_1 [FILE_2, ..., FILE_N]

The encrypt sub-command is used to encrypt pre-existing data files. As with the rekey
command, you can specify multiple files in one command.

The encrypt command accepts an --output FILENAME option to determine where encrypted
output is stored. With this option, input is read from the (at most one) filename given on
the command line; if no input file is given, input is read from stdin. Either the input or
the output file may be given as - for stdin and stdout respectively. If neither input nor
output file is given, the command acts as a filter, reading plaintext from stdin and
writing it to stdout.

Thus any of the following invocations can be used:

$ ansible-vault encrypt

$ ansible-vault encrypt --output OUTFILE

$ ansible-vault encrypt INFILE --output OUTFILE

$ echo secret|ansible-vault encrypt --output OUTFILE

Reading from stdin and writing only encrypted output is a good way to prevent sensitive
data from ever hitting disk (either interactively or from a script).


$ ansible-vault decrypt [options] FILE_1 [FILE_2, ..., FILE_N]

The decrypt sub-command is used to remove all encryption from data files. The files will
be stored as plain-text YAML once again, so be sure that you do not run this command on
data files with active passwords or other sensitive data. In most cases, users will want
to use the edit sub-command to modify the files securely.

As with encrypt, the decrypt subcommand also accepts the --output FILENAME option to
specify where plaintext output is stored, and stdin/stdout is handled as described above.

Use ansible-vault online using onworks.net services

Free Servers & Workstations

Download Windows & Linux apps

  • 1
    ExpressLuke GSI
    ExpressLuke GSI
    This SourceForge download page was to
    grant users to download my source built
    GSIs, based upon phhusson's great
    work. I build both Android Pie and
    Android 1...
    Download ExpressLuke GSI
  • 2
    PyQt is the Python bindings for
    Digia's Qt cross-platform
    application development framework. It
    supports Python v2 and v3 and Qt v4 and
    Qt v5. PyQt is avail...
    Download PyQt
  • 3
    Gambas3* coding tools and examples for
    use in SMB or other organizations that
    make internal programs. E.g. from
    database fields to class sourcecode with
    Download garlic3
  • 4
    Sardi is a complete restyling and
    optimisation of svg code. 6 choices for
    your applications and 10 kind of folders
    to use in your file manager. The sardi
    Download Sardi
  • 5
    LMMS Digital Audio Workstation
    LMMS Digital Audio Workstation
    LMMS is a free cross-platform software
    which allows you to produce music with
    your computer. If you like this project
    consider getting involved in the project
    Download LMMS Digital Audio Workstation
  • 6
    FreeRTOS Real Time Kernel (RTOS)
    FreeRTOS Real Time Kernel (RTOS)
    FreeRTOS is a market-leading real-time
    operating system (RTOS) for
    microcontrollers and small
    microprocessors. Distributed freely
    under the MIT open source lice...
    Download FreeRTOS Real Time Kernel (RTOS)
  • 7
    Avogadro is an advanced molecular
    editor designed for cross-platform use
    in computational chemistry, molecular
    modeling, bioinformatics, materials
    science and ...
    Download Avogadro
  • More »

Linux commands