# Ansible Vault ## Ansible Vault Operations Ansible Vault is used to secure and ecncrypt / decrypt files within Ansible. It can perform operations list below (but not limited to): ### With ansible Vault, you can: ````yaml - Encrypt an existing file/playbooks - Decryt a file - Edit and encrypted file - Generate or reset key ```` ### Ansible-vault CLI sub-commands ````yaml= {create,decrypt,edit,view,encrypt,encrypt_string,rekey} create Create new vault encrypted file decrypt Decrypt vault encrypted file edit Edit vault encrypted file view View vault encrypted file encrypt Encrypt YAML file encrypt_string Encrypt a string rekey Re-key a vault encrypted file ```` ### Ansible Vault Tasks ````yaml= Create an encrypted playbook: ansible-vault create vault-demo.yaml view the encrypted playbook: ansible-vault view vault-demo.yaml Edit the encrypted playbook: ansible-vault edit vault-demo.yaml decrypt the playbook: ansible-vault decrypt vault-demo.yaml encrypt the playbook again: ansible-vault encrypt vault-demo.yaml Run the playbook (and watch it faile as no password given): ansible-playbook vault-demo.yaml Run the playbook with the flag to ask for vault password: ansible-playbook vault-demo.yaml --ask-vault-pass Change the vault password for an existing file: ansible-vault rekey vault-demo.yaml ````