Using Unvault to Read Vaulted and Non Vaulted Files

Published: August 16, 2020 by Author's Photo Shane Rainville | Reading time: 2 minutes
Learn how to use the new Ansible Unvault plugin in a lookup to read the contents of any file, vaulted or non vaulted. Ansible will automatically detect and decrypt as necessary.

Unvault is a plugin introduced by the Ansible core team which allows you to read contents of any file, vaulted or not. Used within a lookup you can retrieve the contents of a specific file. Ansible we determine whether it is vaulted or not and apply the appropriate action to read it.

Create a regular file

The following file be used as an example non-vaulted file that will have its contents read using unvault in a lookup. The file’s name will be foo.txt, and it will have the following contents:

hello, world!

Lookup contents of a file

In order to retrieve the contents of the file we use a lookup with the unvault plugin, and specify the path to the file on the Ansible controller’s file system.

- name: Read contents of foo.txt
  debug: msg="the value of foo.txt is {{lookup('unvault', '/etc/foo.txt')|to_string}}"

The output of the debug message will contain the contents of the foo.txt file.

hello, world!

Create a vaulted file

Our next example will be of a vaulted file named bar.txt.vaulted. Create a new vaulted file named bar.txt.vaulted.

ansible-vault create bar.txt.vaulted

The file will have the following contents.

hello, world! I'm vaulted!

Lookup contents of vaulted file

Using a lookup with the unvault plugin we can read the contents of the vaulted file bar.txt.vaulted. In the example below, like in the non-vaulted file example above, we are outputting the contents of the file in a debug message.

- name: Read contents of bar.txt.vaulted
  debug: msg="the value of bar.txt.vaulted is {{lookup('unvault', '/etc/bar.txt.vaulted')|to_string}}"

The debug message should print the following to screen.

hello, world! I'm vaulted!
Author Photo
Blogger, Developer, pipeline builder, cloud engineer, and DevSecOps specialist. I have been working in the cloud for over a decade and running containized workloads since 2012, with gigs at small startups to large financial enterprises.

How to Install Ansible on Ubuntu Debian

Publised September 1, 2020 by Shane Rainville

Learn how to use the new Ansible Unvault plugin in a lookup to read the contents of any file, vaulted or non vaulted. Ansible will automatically detect and decrypt as necessary.

Ansible V2.10.0 Released

Publised August 16, 2020 by Shane Rainville

Learn how to use the new Ansible Unvault plugin in a lookup to read the contents of any file, vaulted or non vaulted. Ansible will automatically detect and decrypt as necessary.

How to Deploy Jekyll on Kubernetes

Publised September 15, 2020 by Shane Rainville

Learn how to use the new Ansible Unvault plugin in a lookup to read the contents of any file, vaulted or non vaulted. Ansible will automatically detect and decrypt as necessary.

How to Update Kubernetes Deployments

Publised September 11, 2020 by Shane Rainville

Learn how to use the new Ansible Unvault plugin in a lookup to read the contents of any file, vaulted or non vaulted. Ansible will automatically detect and decrypt as necessary.

How to Configure Node-based apps in Kubernetes

Publised September 9, 2020 by Shane Rainville

Learn how to use the new Ansible Unvault plugin in a lookup to read the contents of any file, vaulted or non vaulted. Ansible will automatically detect and decrypt as necessary.

How to Backup and Restore MongoDB Deployment on Kubernetes

Publised September 3, 2020 by Shane Rainville

Learn how to use the new Ansible Unvault plugin in a lookup to read the contents of any file, vaulted or non vaulted. Ansible will automatically detect and decrypt as necessary.

How to Immediately Start Kubernetes CronJobs Manually

Publised September 2, 2020 by Shane Rainville

Learn how to use the new Ansible Unvault plugin in a lookup to read the contents of any file, vaulted or non vaulted. Ansible will automatically detect and decrypt as necessary.

How to Deploy Java Apps with Tomcat on Kubernetes

Publised September 1, 2020 by Shane Rainville

Learn how to use the new Ansible Unvault plugin in a lookup to read the contents of any file, vaulted or non vaulted. Ansible will automatically detect and decrypt as necessary.