
Ansible Vault — Decrypting Multiple Passwords

Maciej
7 min read · Jan 27, 2021


Introduction

Since Ansible 2.4, Ansible Vault can decrypt files with a single command even when some are encrypted with password A, others with password B, and so on.

Official documentation: encrypt_string (for creating encrypted variables to embed in YAML), Vault IDs and Multiple Vault Passwords, and Providing Vault Passwords.

  • From 2.4, you can still use the old --vault-password-file option, but you can use the --vault-id option instead.
  • The --vault-id option does more than the --vault-password-file option, but for the time being, if you give it a file containing the password, as you would with --vault-password-file, --vault-id behaves the same as the --vault-password-file option.
  • Since the --vault-id option can be used multiple times when decrypting, the playbook can be executed even if there are multiple files encrypted with different passwords.
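
An added example, not from the original article: it reads the vault header line of each encrypted file (and of inline `!vault |` values created with encrypt_string) to find which vault ID labels are in use, then builds the repeated `--vault-id` options for one command. The file names, password file paths and `site.yml` are assumptions, and the sample payloads are constructed.

```python
import re

# Vault header line: format 1.1 has no label, 1.2 appends the vault ID label.
HEADER = re.compile(r"^\$ANSIBLE_VAULT;(1\.[12]);([A-Z0-9]+)(?:;(\S+))?$")


def labels_in(text):
    """Vault ID labels used in a whole encrypted file or in inline
    `!vault |` values; unlabelled payloads are reported as 'default'."""
    found = set()
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            found.add(m.group(3) or "default")
    return found


def vault_id_args(files, sources):
    """Build the repeated --vault-id options needed to decrypt `files`
    (name -> content). `sources` maps label -> password file or 'prompt'."""
    needed = set()
    for content in files.values():
        needed |= labels_in(content)
    missing = sorted(needed - set(sources))
    if missing:
        raise KeyError("no password source for vault ID(s): " + ", ".join(missing))
    args = []
    for label in sorted(needed):
        args += ["--vault-id", f"{label}@{sources[label]}"]
    return args


# Constructed sample content; the hex lines are placeholders, not real ciphertext.
FILES = {
    "group_vars/dev/vault.yml": "$ANSIBLE_VAULT;1.2;AES256;dev\n3061626364\n",
    "group_vars/prod/vault.yml": "$ANSIBLE_VAULT;1.2;AES256;prod\n3965666768\n",
    "legacy.yml": "$ANSIBLE_VAULT;1.1;AES256\n3132333435\n",
    "vars.yml": "db_pass: !vault |\n    $ANSIBLE_VAULT;1.2;AES256;prod\n    6162636465\nuser: app\n",
}
# Hypothetical password sources, one per label.
SOURCES = {"dev": "~/.vault/dev.txt", "prod": "prompt", "default": "~/.vault/old.txt"}

if __name__ == "__main__":
    print("ansible-playbook site.yml " + " ".join(vault_id_args(FILES, SOURCES)))
```

Running the check before a playbook run reports a label with no password source up front, instead of a decryption failure partway through.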

Compare Vault

Ansible 2.3
