How to upload encrypted file using ansible vault?

Question:

Does anyone have an example of decrypting and uploading a file using ansible-vault.

I am thinking about keeping my ssl certificates encrypted in source control.

It seems something like the following should work.

Answer:

UPDATE: Deprecated as of 2016, Ansible 2.1

On any Ansible version prior of 2.1:

That’s not going to work. What you will get is your encrypted.crt (with Ansible Vault) uploaded literally as domain.crt

What you need to do is make your playbook part of a “Vault” and add a variable that contains your certificate content. Something like this:

You can choose to put your mycert variable in a separate variable file using Ansible Vault too.

The copy module has been updated in Ansible 2.1. From the changelog:
“copy module can now transparently use a vaulted file as source, if
vault passwords were provided it will decrypt and copy on the fly.”
Noting it here, since some people will inevitably not look past the
accepted answer. – JK Laiho

Leave a Reply