Ansible: How to encrypt some variables in an inventory file in a separate vault file?


The settings

Consider an Ansible inventory file similar to the following example:

The problem

I would like to store some of the vars (like db_password) in an Ansible vault, but not the entire file.

How can a vault-encrypted ansible file be imported into an unencrypted inventory file?

What I’ve tried

I have created an encrypted vars file and tried importing it with:

To which ansible-playbook responded with:

Probably because it tried to parse the include statement as a variable.


If your issue is to have both unencrypted and encrypted vars files per group_hosts.

You can use this ansible feature :

Ansible will read automatically vault.yml as encrypted yaml file.

Leave a Reply