How to decrypt an Ansible Vault?
From an encrypted file to plaintext using the correct password.
I will show you a live Playbook with some simple Ansible code.
I'm Luca Berton, and welcome to today's episode of Ansible Pilot.
ansible-vault
- Included in Ansible installation
- Ansible Vault
- command line
The ansible-vault command is included in every Ansible installation for the most modern operating system.
It is a command line tool so interact with that using your terminal.
Using the ansible-vault command, you could perform any Ansible vault operation: encryption, decryption, change of password, etc.
Links
- https://docs.ansible.com/ansible/latest/user_guide/vault.html
Playbook
I will show you how to decrypt an Ansible Vault using the ansible-vault command line utility.
At the beginning of this example, we start with an encrypted Ansible vault, and once we enter the correct password, we obtain a cleartext file.
execution
``bash
$ ansible-vault decrypt encrypted-to-plain.yml
Vault password:
Decryption successful
`
before execution
`bash
$ cat encrypted-to-plain.yml
$ANSIBLE_VAULT;1.1;AES256
65333637643363376438633838346563353666636433613032333663666137613839333564393238
3930333031633134346461303636623937353561643464390a363534383938396336346130653231
34356437363733313638336437343735366362343031663866326135633538373237646537356638
6163373837343332660a323666666534353561656464353033613137333463316534663062643561
34373865636163626163313235393239653539356665373361373939633138373137643264386533
3761646565643732396531313561366364353031373731353839
`
after execution
`bash
$ cat encrypted-to-plain.yml
---
password: mysupersecretpassword
``
Conclusion
Now you know how to decrypt an Ansible Vault.