added vault/unvault docs (#75140)

3 years ago · 90518d8bb5
parent 5ecbc199f8
commit 90518d8bb5
1 changed files with 25 additions and 0 deletions
--- a/docs/docsite/rst/user_guide/playbooks_filters.rst
+++ b/docs/docsite/rst/user_guide/playbooks_filters.rst
@ -1349,6 +1349,31 @@ Hash type 'blowfish' (BCrypt) provides the facility to specify the version of th

 .. versionadded:: 2.12

+You can also use the Ansible :ref:`vault <vault>` filter to encrypt data::
+
+  # simply encrypt my key in a vault
+  vars:
+    myvaultedkey: "{{ keyrawdata|vault(passphrase) }}"
+
+  - name: save templated vaulted data
+    template: src=dump_template_data.j2 dest=/some/key/vault.txt
+    vars:
+      mysalt: '{{ 2**256|random(seed=inventory_hostname) }}'
+      template_data: '{{ secretdata|vault(vaultsecret, salt=mysalt) }}'
+
+
+And then decrypt it using the unvault filter::
+
+  # simply decrypt my key from a vault
+  vars:
+    mykey: "{{ myvaultedkey|unvault(passphrase) }}"
+
+  - name: save templated unvaulted data
+    template: src=dump_template_data.j2 dest=/some/key/clear.txt
+    vars:
+      template_data: '{{ secretdata|unvault(vaultsecret) }}'
+
+
 .. _other_useful_filters:

 Manipulating text