Eventually, you will need to include sensitive data in your Ansible recipes. All the recipes that we have discussed so far have to be stored on the disk in plain text; if you are also storing it in source control, then third parties may even have access to this data. This is risky and may be in violation of your corporate policies.
This can be avoided using Ansible vaults. Vaults are files that are encrypted and can be decrypted by Ansible transparently. You can use them for includes, variable files, tasks lists in roles and any other YAML formatted file that Ansible uses. You can also use it with both JSON and YAML files included with the
-e command-line argument to ansible-playbook. Vault files are managed with the