, Johann Schmitz

Once again I became tired of entering my Ansible Vault password every time I run a Ansible playbook.

Ansible supports placing the vaults password into a simple text file on your harddisk. However, placing the plain text password in a text file isn't great for security so I looked for a way to use my existing KDE wallet for this.

I came across this post which describes how to do it for the Mac OS keychain which can easily be adopted for the KDE wallet system:

First, create a "Password" entry with your vault password in your KDE wallet using the Wallet Manager.

Next, create this simple script in ~/bin (or somewhere else) and make it executable:

#!/bin/bash
kwallet-query -r ansible-vault kdewallet

where ansible-vault is the name of the entry in your wallet and kdewallet the name of your wallet.

As the last step, configure the vault_password_file setting in your ~/.ansible.cfg to point to the script.

Now, every time Ansible tries to unlock a vault, it will query your wallet for the password. Nice!

Another way is to Use PGP To Encrypt The Ansible Vault