Encrypting Files with Ansible Vault

Have you ever wanted to create a wide-open file share on your LAN to enable your users to quickly and easily share files? In this video, the viewer is shown the process of setting up a custom Samba implementation on Debian/Ubuntu that makes sharing files on your LAN easy.

YouTube player

Store the vault password

  • Generate the password (using whichever app you’d like, Keepassxc was used in the video)
  • Store it in ~/.vault_key (or wherever you prefer)

Correct Key File Permissions

Prevent the key file from being read by other users:

chmod 600 ~/.vault_key

Encrypt a file

ansible-vault encrypt <filename>

Decrypt a file

ansible-vault decrypt --vault-password-file ~/.vault_key <filename>

Edit a file directly

ansible-vault edit --vault-password-file ~/.vault_key info.txt

View an encrypted file without decrypting it first

ansible-vault view --vault-password-file ~/.vault_key info.txt

Provide an encryption key while using ansible-pull

sudo ansible-pull --vault-password-file ~/.vault_key https://github.com/jlacroix82/ansible_pull_tutorial.git

Changing the vault password for a file

ansible-vault rekey <filename> --vault-password-file ~/.vault_key