shawnsi/README.md

Last active December 25, 2025 17:13

Star (29) You must be signed in to star a gist
Fork (5) You must be signed in to fork a gist

Select an option

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/shawnsi/b13f6a740bddc670e633.js"></script>
Save shawnsi/b13f6a740bddc670e633 to your computer and use it in GitHub Desktop.

Download ZIP

Ansible Vault Environment Variable

Raw

Ansible Vault Environment Variable

Per http://docs.ansible.com/ansible/playbooks_vault.html you can set an environment variable to use a password file for vault access. We can use this to create an environment variable to hold the password.

Password Script

Copy vault-env from this project to ~/bin. Then add this to your ~/.bashrc:

export ANSIBLE_VAULT_PASSWORD_FILE=~/bin/vault-env

Usage

Now just export your password in your shell as needed. Don't be a douche and put this in your profile though.

export ANSIBLE_VAULT_PASSWORD=<password>

Raw

	#!/bin/bash

	echo $ANSIBLE_VAULT_PASSWORD

pyrou commented Dec 6, 2017

Don't forget to make vault-env executable

 chmod +x ~/bin/vault-env

paulcalabro commented Nov 21, 2018

This is a good idea. Thanks for sharing!

fullofcaffeine commented Jan 31, 2019

Even better, use secret-tool to store and fetch the password :)

sthames42 commented Dec 25, 2025

This may have been true, once, but not any longer. The entire contents of the password file becomes the password used to encrypt. Found this out the hard way.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment