Vault Ids and Multiple Vault Passwords

supermario18b · July 26, 2018, 4:53pm

Hi everyone,

I’m tryng to understand how multiple vault passwords work.

I found this example about providing vault-id passwords:

`
ansible-playbook --vault-id dev@dev-password --vault-id prod@prompt site.yml

`


In the example above ansible first tries the dev password and if it doesn't work it prompts for a password.  

I'd like to know if something similar to this is possible:

ansible-playbook --vault-id dev@dev-password --vault-id dev2@dev-password site.yml

(2 different passwords in the same dev-password file)

if yes, I'm not able to have/set 2 passwords with two ids in the same vaultfile.

At the moment I know:

ansible-vault encrypt_string --vault-id dev@dev-password --stdin-name 'dev_string'

but naturally  if a type:

ansible-vault encrypt_string --vault-id dev2@dev-password --stdin-name 'dev_string2'

only the password in dev-password will be used and it'll be the same of dev.

Can you tell me how to do it?

Thanks

supermario18b · July 29, 2018, 9:59am

At the moment I understand that I can pass multiple password files with --vault-id.

What I don’t understand is the scope of labels. As I see I can’t user different labels for the same password file. So why use them?

I’m aware that I’m missing something Could you point me to the right direction?

Topic		Replies	Views
Vault Ansible Developer	0	0	July 24, 2020
vault-id and multiple password files in ansible.cfg Ansible Project	1	2	April 27, 2018
support for multiple vault passwords / https://github.com/ansible/ansible/pull/22756 Ansible Developer	0	0	July 24, 2017
2.4 support for multiple vault passwords, looking for feedback Ansible Project	0	0	July 26, 2017
Multiple vault password Ansible Developer	1	2	July 27, 2020

Vault Ids and Multiple Vault Passwords

Related topics