Skip to main content

Roll keys and re-encrypt secrets in any repo using Ansible Vault

Project description

ansible-vault-rekey Documentation Status Updates Python 3

Roll keys and re-encrypt secrets in any repo using Ansible Vault


WARNING: Very few guardrails present. Running this without options will overwrite data by default.

Known issues / caveats:

  • Shows a callous disregard for whitespace and comments
  • Assumes it’s in a playbook directory if -r isn’t provided
  • Will casually write secrets to STDOUT in –debug mode
$ ansible-vault-rekey --help
Usage: ansible-vault-rekey [OPTIONS]

  (Re)keys Ansible Vault repos.

  --dry-run                 Skip any action that would overwrite an original
  -k, --keep-backups        Keep unencrypted copies of files after a
                            successful rekey.
  -r, --code-path TEXT      Path to Ansible code.
  -p, --password-file TEXT  Path to password file. Default: vault-password.txt
  -v, --vars-file TEXT      Only operate on the file specified. Default is to
                            check every YAML file in Ansible role/play dirs
                            for encrypted assets.
  --help                    Show this message and exit.


We have dependencies a couple of layers down which need to compile crypto libraries if you haven’t already got them. On most systems, you’ll need the following:

  • libffi-dev / libffi-devel
  • libssl-dev / openssl-devel
  • gcc


  • TODO


With Docker (recommended):

docker build -t tmp . && docker run --rm -it -w /workspace -v $(pwd):/workspace tmp


pip install -r requirements.txt -r requirements_dev.txt && python2.7 -m pytest tests/*.py


This package was created with Cookiecutter and the audreyr/cookiecutter-pypackage project template.


0.1.0 (2017-10-31)

  • First release on PyPI.

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for ansible-vault-rekey, version 1.0.0
Filename, size File type Python version Upload date Hashes
Filename, size ansible_vault_rekey-1.0.0-py2.py3-none-any.whl (10.7 kB) File type Wheel Python version py2.py3 Upload date Hashes View
Filename, size ansible-vault-rekey-1.0.0.tar.gz (12.6 kB) File type Source Python version None Upload date Hashes View

Supported by

Pingdom Pingdom Monitoring Google Google Object Storage and Download Analytics Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page