Environment Variable as Vault Key

Hi Ansible community.

I want to use ansible vault. Since I do not want to store my vault key in a file and I do not want to type it in every time I run a playbook, I wonder if I can do this:

Store the vault key in an environment variable, for example ANSIBLE_VAULT_KEY.
This gets used every time I run a playbook. When I am finished, I close the session or empty the variable.

What do you think? Is it possible? That would speed up my workflow and make my installation much faster.

Oliver

I don't think there's a built-in way, but you can achieve this using vault client scripts.

Create a new file vault-passphrase-client.sh with the following content:

#!/usr/bin/env sh
echo "$ANSIBLE_VAULT_PASSPHRASE"

Make it executable and pass it with --vault-password-file=vault-passphrase-client.sh, or add the following to your ansible.cfg:

[defaults]
vault_password_file = ./vault-passphrase-client.sh

Side note: I have also written a small script to use GPG to decrypt my passphrase from disk. See this gist.

On first run it will generate a random 128-character key and store it, encrypted for the recipients listed in the ANSIBLE_VAULT_PASSPHRASE_RECIPIENTS environment variable, at .vault-passhrase.gpg.
Later the OS will prompt me for the GPG key passphrase once, and on subsequent runs it's cached.

You can also manually create the passphrase file with your own passphrase, like so:

echo "secure-password" | gpg2 --encrypt --armor --output vault-passphrase.gpg --recipient me@example.com

3 Likes
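A more defensive variant of that client script, added here as an example and not the poster's own code: Ansible invokes a password script whose name ends in -client with --vault-id <label>, so this version maps the label to an environment variable and exits non-zero with a message on stderr when the variable is unset or empty, so a forgotten variable fails loudly instead of silently attempting decryption with an empty passphrase. The variable naming scheme ANSIBLE_VAULT_PASSPHRASE_<LABEL> for labelled vault ids is this example's own convention.

```shell
#!/usr/bin/env sh
# Example vault client script (not the original poster's). Save as
# vault-passphrase-client.sh; Ansible calls it as: script --vault-id <label>.

# vault_passphrase LABEL: print the passphrase for LABEL from the environment.
# "default" reads ANSIBLE_VAULT_PASSPHRASE; any other label reads
# ANSIBLE_VAULT_PASSPHRASE_<LABEL> (assumed convention, upper-cased, non
# alphanumerics replaced by "_"). Returns 1 if the variable is unset or empty.
vault_passphrase() {
  label="${1:-default}"
  if [ "$label" = "default" ]; then
    var="ANSIBLE_VAULT_PASSPHRASE"
  else
    suffix=$(printf '%s' "$label" | tr '[:lower:]' '[:upper:]' | tr -c 'A-Z0-9' '_')
    var="ANSIBLE_VAULT_PASSPHRASE_${suffix}"
  fi
  eval "value=\${$var:-}"
  if [ -z "$value" ]; then
    # Fail clearly so Ansible reports the error instead of using "" as the key.
    echo "vault-passphrase-client: $var is not set or empty" >&2
    return 1
  fi
  printf '%s\n' "$value"
}

# main: parse the --vault-id argument Ansible passes and print the passphrase.
main() {
  id="default"
  while [ $# -gt 0 ]; do
    case "$1" in
      --vault-id) id="$2"; shift 2 ;;
      --vault-id=*) id="${1#--vault-id=}"; shift ;;
      *) echo "vault-passphrase-client: unknown argument: $1" >&2; return 2 ;;
    esac
  done
  vault_passphrase "$id"
}

# Only dispatch when executed under the client script's name, so the file can
# also be sourced for testing without running main.
case "$0" in
  *vault-passphrase-client*) main "$@" ;;
esac
```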

This is the way :heart:

2 Likes

Let me refer you to this article:

1 Like

Superb. I just implemented this and it works like a charm!

1 Like