Ansible provide an easy way to encrypt or decrypt files to keep sensitive data in our playbooks. For example, you can have a template which has some username and password and you can keep encrypted.
Vault password file
Create a vault password file for encrypt and decrypt.
$ echo "some long password here" > ~/ansible_keyCreate a yaml file variables.yml with sensitive data, for example with an username and password.
---
username: pepe
password: A*07^&%%#!Encrypt
Encrypt the yaml file variables.yml which contains sensitive data.
$ ansible-vault decrypt \
--vault-password-file=~/ansible_key \
variables.yml
Encryption successful$ cat ~/variables.yml
$ANSIBLE_VAULT;1.1;AES256
35323331326264316238616131386462666330363037663230316335343263313630636132383933
6339386537326461336465393930323237326661303331310a306361363365373131646136376661
37376266663139303964313838306432636630313137653466663264633539666365633332313337
3831353836656130620a643032373137646261393561383264323039323030633530636363643733
39646332373737613162353764336633323464373663396631396432613335343263613262326337
3861376563626330343039393866313861383964383431623137Decrypt
Decrypt a the yaml file variables.yml.
$ ansible-vault decrypt \
--vault-password-file=~/ansible_key \
variables.yml