Encrypt & decrypt files with "Ansible Vault". Accepts any command that
Usage for "spin vault"
spin vault <ansible-vault-action>
spin vault command will intelligently pass any arguments to your local
ansible-vault binary or to Docker if Ansible is not installed locally. It will also accept any commands that are documented with
edit: Edit an encrypted file
encrypt: Encrypt an unencrypted file
decrypt: Decrypt an encrypted file
More actions and syntax reference can be found in the official documentation.
Encrypt a file
spin vault encrypt myfile.txt
Edit an encrypted file
spin vault edit myfile.txt
This command will automatically run
ansible vault via Docker if you do not have Ansible installed on your system. The only major downfall to this approach is when it comes to editing your secret files, you will need to do this all through
vi, which can be pretty annoying.
If you'd like a better experience, you may want to consider installing and configuring Ansible on your local machine so you can edit your secrets with your favorite editor.
It's possible to edit your secrets with Sublime Text, but it requires a bit of setup. You'll need to install Ansible to your system.
Once Ansible is installed and you're able to execute
ansible-vault locally, you'll then need to set Sublime Text as your editor.
Set Sublime Text as your editor
export EDITOR="subl -w"
Add this to your
~/.zshrc file to make it permanent.
If you're constantly being asked to provide a vault password, you can speed up your workflow by securely saving your password to a
.vault-password file in your project root.
If that file exists, Ansible will automatically load the password from that file.