In the last few weeks, I've been using Ansible to automate a few tasks on a couple of servers and found the tool extremely useful. One of the tasks required the implementation of the Ansible Vault since it was necessary to create some files on the servers that contained some credentials. Since storing secrets in plain text files poses a significant security risk, Ansible Vault is used to secure sensitive data within an Ansible project.
Ansible Vault allows you to encrypt stuff like:
- Whole files (like group_vars/all.yml)
- Specific variables inside YAML
- Even binary files (like private keys)
This way, you can safely commit them to version control (e.g., GitHub, GitLab) without exposing secrets.
Editing an Ansible Vault file with nano
By default, Ansible Vault uses vim or vi as the editor when you run commands like:
ansible-vault create secrets.yml
ansible-vault edit secrets.ymlHowever, you don't have to stick with Vim to modify those files. Ansible uses whatever you have set in the $EDITOR environment variable, so, for example, if you want to use Nano as your editor when using ansible-vault, you may instruct Ansible to do so during its usage with:
env EDITOR=nano ansible-vault edit secrets.yamlThis will work only with the current commands since we override the editor only in this instruction. If you want to make it permanent, add it to ~/.bashrc or ~/.zshrc (depending on your favorite shell), for example, for bash:
echo 'export EDITOR=nano' >> ~/.bashrc'
source ~/.bashrcIn this way, nano will be used whenever you run ansible-vault:
ansible-vault edit secrets.ymlHappy coding ❤️!
