Can I create a ansible-vault file from within ansible? I am creating a deployment package for another server (to be run locally) from ansible and I want to encrypt sensitive data (the key itself is transferred over a different channel).
Does ansible-vault have a non-interactive mode to create a vault file? Or is there some ansible intrinsic way?
You can use the --vault-password-file option of ansible-vault for non-interactive vault file creation. The file passed in can be a text file containing the vault password, or it can be an executable script that retrieves and outputs the vault password.
You would call it like this:
ansible-vault --vault-password-file=vaultpass.txt encrypt sensitive_data.txt
If you would like to create the file on the fly, rather than copying over or encrypting an existing file, you can omit the filename from this command and pipe the data to STDIN:
echo "sensitive data" | ansible-vault --vault-password-file=vaultpass.txt encrypt --output outfile.txt
