Last Updated: February 25, 2016
· ramondelafuente

Use Ansible vault with Vagrant

When you use Ansible's vault feature, you need to pass the --ask-vault-pass (or --vault-password-file) parameter to ansible-playbook.

[UPDATE: Vagrant 1.6 has added this feature: ansible.ask_vault_pass, ansible.vault_password_file]

Until the ansible provisioner in Vagrant is updated to include the feature, you cannot pass this directly. But you can pass it in through the raw-arguments like this:

ansible.raw_arguments  = "--ask-vault-pass"

As an additional tip, when setting multiple raw arguments, do not set them in a single line but add multiple raw_arguments to your Vagrantfile:

ansible.raw_arguments  = "--user=vagrant"
ansible.raw_arguments  = "--private-key=~/.vagrant.d/insecure_private_key"
ansible.raw_arguments  = "--ask-vault-pass"

1 Response
Add your response

We can also use like this:

config.vm.provision :ansible do |ansible|

ansible.ask_vault_pass = true

ansible.playbook = "site.yml"

ansible.sudo = true

ansible.extra_vars = { ansible_ssh_user: 'vagrant' }

ansible.raw_arguments  = "--private-key=~/.vagrant.d/insecure_private_key"

ansible.host_key_checking = false


over 1 year ago ·