Ansible comes with a vault feature. It is meant to be used in the context of configuration management. But you can also use it as a standalone simple password vault for your personal or organization’s use.

Initial setup of password vault:

• Create or clone a Git or another SCM repository

git init 

• Create the password vault

ansible-vault create myvault.secret

Type the new master password and confirm, ansible-vault will open your text editor. Type your secrets in the editor and save and quit. To open your vault for viewing or editing in the future, you will need your vault password.

• Commit and push

git add myvault.secret 
git commit -m "My vault"

At this point, your password vault is set up and pushed to your central Git repository. The next time you want to use it on another or same device, here’s the flow you could use:

• Git pull

git pull

• View the contents of the vault:

ansible-vault view myvault.secret 

Ansible will ask for the vault password. If the vault password you type in correct, it will show the contents of the vault on stdout. To edit the vault:

ansible-vault edit myvault.secret 

After you type in the vault password, ansible-vault will open your vault file in your text editor. Save and quit. Commit and push the file to central repository.

git add myvault.secret 
git commit -m "Save again"

Keep in mind that Git will treat your password vault as a binary file.

References

• Age To Encrypt Secrets

• Linux
• Ansible
• Vault
• Security