How to decrypt an Ansible Vault?
From an encrypted file to plaintext using the correct password. I will show you a live Playbook with some simple Ansible code. I’m Luca Berton, and welcome to today’s episode of Ansible Pilot.
ansible-vault
- Included in Ansible installation
- Ansible Vault
- command line
The ansible-vault command is included in every Ansible installation for the most modern operating system.
It is a command line tool so interact with that using your terminal.
Using the ansible-vault command, you could perform any Ansible vault operation: encryption, decryption, change of password, etc.
Links
Playbook
I will show you how to decrypt an Ansible Vault using the ansible-vault command line utility. At the beginning of this example, we start with an encrypted Ansible vault, and once we enter the correct password, we obtain a cleartext file.
execution
$ ansible-vault decrypt encrypted-to-plain.yml
Vault password:
Decryption successful
before execution
$ cat encrypted-to-plain.yml
$ANSIBLE_VAULT;1.1;AES256
65333637643363376438633838346563353666636433613032333663666137613839333564393238
3930333031633134346461303636623937353561643464390a363534383938396336346130653231
34356437363733313638336437343735366362343031663866326135633538373237646537356638
6163373837343332660a323666666534353561656464353033613137333463316534663062643561
34373865636163626163313235393239653539356665373361373939633138373137643264386533
3761646565643732396531313561366364353031373731353839
after execution
$ cat encrypted-to-plain.yml
---
password: mysupersecretpassword
Conclusion
Now you know how to decrypt an Ansible Vault.
Subscribe to the YouTube channel, Medium, and Website, X (formerly Twitter) to not miss the next episode of the Ansible Pilot.Academy
Learn the Ansible automation technology with some real-life examples in my
Udemy 300+ Lessons Video Course.
My book Ansible By Examples: 200+ Automation Examples For Linux and Windows System Administrator and DevOps
Donate
Want to keep this project going? Please donate