Ansible: How to encrypt some variables in an inventory file in a separate vault file?

Question:

The settings

Consider an Ansible inventory file similar to the following example:

The problem

I would like to store some of the vars (like db_password) in an Ansible vault, but not the entire file.

How can a vault-encrypted ansible file be imported into an unencrypted inventory file?

What I’ve tried

I have created an encrypted vars file and tried importing it with:

To which ansible-playbook responded with:

Probably because it tried to parse the include statement as a variable.

Answer:

If your issue is to have both unencrypted and encrypted vars files per group_hosts.

You can use this ansible feature : http://docs.ansible.com/ansible/playbooks_best_practices.html#best-practices-for-variables-and-vaults

Ansible will read automatically vault.yml as encrypted yaml file.

Leave a Reply