How do I invoke ansible-vault encrypt when deploying to production?

I’m using Ansible Vault to encrypt usernames and passwords, so I can store the files securely on a public GitHub repo. However, I’m not sure how to invoke a prompt for ansible-vault when deploying to production ($ ./ production mywebsite).

Here’s a description from the Ansible Up & Running book:

We do need to tell ansible-playbook to prompt us for the password of the encrypted file, or it will simply error out. Do so by using the --ask-vault-pass argument

At the moment, I’m unencrypting locally, and then running the deploy shell script, which works fine. But would be good to know!

You can just modify to add that option on. Or just use the raw ansible-playbook command that the deploy script uses.

We also have Vault integration coming soon:

You can see that we solve that problem by using a .vault_pass file.

Yay, bingo! DEPLOY_CMD="ansible-playbook --ask-vault-pass -i… works a treat, thank you.

Will keep eyes peeled for Vault integration.

1 Like