Provided by: ansible_2.6.5+dfsg-1_all bug

NAME

       ansible-vault - encryption/decryption utility for Ansible data files

SYNOPSIS

       ansible-vault       [create|decrypt|edit|encrypt|encrypt_string|rekey|view]      [options]
       [vaultfile.yml]

DESCRIPTION

       can encrypt any structured data file used by Ansible.  This  can  include  group_vars/  or
       host_vars/  inventory  variables,  variables  loaded  by  include_vars  or  vars_files, or
       variable files passed on the ansible- playbook  command  line  with  -e  @file.yml  or  -e
       @file.json.  Role variables and defaults are also included!

       Because  Ansible  tasks, handlers, and other objects are data, these can also be encrypted
       with vault.  If you'd like to not expose what variables you are using,  you  can  keep  an
       individual task file entirely encrypted.

       The  password  used  with  vault  currently must be the same for all files you wish to use
       together at the same time.

COMMON OPTIONS

       --ask-vault-pass
          ask for vault password

       --new-vault-id 'NEW_VAULT_ID'
          the new vault identity to use for rekey

       --new-vault-password-file
          new vault password file for rekey

       --vault-id
          the vault identity to use

       --vault-password-file
          vault password file

       --version
          show program's version number and exit

       -h, --help
          show this help message and exit

       -v, --verbose
          verbose mode (-vvv for more, -vvvv to enable connection debugging)

ACTIONS

       encrypt
              encrypt the supplied file using the provided vault secret

              --encrypt-vault-id 'ENCRYPT_VAULT_ID'
                 the vault id used to encrypt (required if more than vault-id is provided)

              --output
                 output file name for encrypt or decrypt; use - for stdout

       rekey  re-encrypt a vaulted file with a new secret, the previous secret is required

              --encrypt-vault-id 'ENCRYPT_VAULT_ID'
                 the vault id used to encrypt (required if more than vault-id is provided)

       encrypt_string
              encrypt the supplied string using the provided vault secret

              --encrypt-vault-id 'ENCRYPT_VAULT_ID'
                 the vault id used to encrypt (required if more than vault-id is provided)

              --output
                 output file name for encrypt or decrypt; use - for stdout

              --stdin-name 'ENCRYPT_STRING_STDIN_NAME'
                 Specify the variable name for stdin

              -n,   --name
                 Specify the variable name

              -p,   --prompt
                 Prompt for the string to encrypt

       edit   open and decrypt an existing vaulted file in an editor, that will be encryped again
              when closed

              --encrypt-vault-id 'ENCRYPT_VAULT_ID'
                 the vault id used to encrypt (required if more than vault-id is provided)

       create create  and  open a file in an editor that will be encryped with the provided vault
              secret when closed

              --encrypt-vault-id 'ENCRYPT_VAULT_ID'
                 the vault id used to encrypt (required if more than vault-id is provided)

       decrypt
              decrypt the supplied file using the provided vault secret

              --output
                 output file name for encrypt or decrypt; use - for stdout

       view   open, decrypt and view an existing vaulted file using a pager  using  the  supplied
              vault secret

ENVIRONMENT

       The following environment variables may be specified.

       ANSIBLE_CONFIG -- Specify override location for the ansible config file

       Many more are available for most options in ansible.cfg

       For a full list check https://docs.ansible.com/. or use the ansible-config command.

FILES

       /etc/ansible/ansible.cfg -- Config file, used if present

       ~/.ansible.cfg -- User config file, overrides the default config if present

       ./ansible.cfg  --  Local config file (in current working direcotry) assumed to be 'project
       specific' and overrides the rest if present.

       As mentioned above, the ANSIBLE_CONFIG environment variable will override all others.

AUTHOR

       Ansible was originally written by Michael DeHaan.

COPYRIGHT

       Copyright © 2018 Red Hat, Inc | Ansible.  Ansible is released under the terms of the GPLv3
       license.

SEE ALSO

       ansible (1), ansible-config (1), ansible-console (1), ansible-doc (1), ansible-galaxy (1),
       ansible-inventory (1), ansible-playbook (1), ansible-pull (1),

       Extensive    documentation    is    available    in    the    documentation    site:    <‐
       https://docs.ansible.com>.    IRC   and   mailing   list   info   can  be  found  in  file
       CONTRIBUTING.md, available in: <https://github.com/ansible/ansible>