Check The Difference Between Files Encrypted With Ansible-Vault With Git Diff.

Maciej
1 min read · Sep 21, 2020

Introduction

This post explains how to make the differences in files encrypted with ansible-vault visible in git diff.

Allow vault files to be viewed without entering a password

Create the file ./ansible.cfg in the project home directory.

# Specify the path of the file that stores the ansible-vault password
[defaults]
vault_password_file = ./.vault_password

Create a file to store the password (here .vault_password)

somestrongpassword123

Add the password file to .gitignore to prevent accidental commits to the repository.

.vault_password

Set the text converter for vault files to ansible-vault

  • Add the following section to .git/config or ~/.gitconfig.
[diff "ansible-vault"]
textconv = ansible-vault view
# Caches the decrypted output locally under refs/notes/textconv/ansible-vault
cachetextconv = true
  • Specify the path of the vault file in .gitattributes.
# Wildcards such as *-vault.yml or *.vault.yml can also be used
sample.vault.yml diff=ansible-vault merge=binary
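
The script below is an added example, not part of the original post: it audits a repository for the setup described above (password file ignored, untracked and owner-only; vault file routed to the ansible-vault diff driver and still encrypted on disk). The function names and the demo repository with its contents are constructed for illustration, and .gitattributes is assumed as the file that holds the path mapping.

```shell
#!/bin/sh
# Added example, not from the original post: audit the vault-diff setup.
fail() { echo "FAIL: $1"; fails=$((fails + 1)); }

# check_vault_diff_setup REPO VAULT_FILE PASSWORD_FILE
# Prints findings and returns the number of failed checks.
check_vault_diff_setup() {
    repo=$1 vault=$2 pw=$3 fails=0
    # The password file must be ignored and must not already be tracked.
    git -C "$repo" check-ignore -q -- "$pw" || fail "$pw is not ignored"
    if git -C "$repo" ls-files --error-unmatch -- "$pw" >/dev/null 2>&1; then
        fail "$pw is tracked by git"
    fi
    # It holds the vault password in clear text, so owner-only permissions.
    mode=$(stat -c %a "$repo/$pw" 2>/dev/null || stat -f %Lp "$repo/$pw")
    case $mode in 600|400) ;; *) fail "$pw has mode $mode, expected 600" ;; esac
    # The vault file must be routed to the ansible-vault diff driver ...
    attr=$(git -C "$repo" check-attr diff -- "$vault")
    [ "${attr##*: }" = ansible-vault ] || fail "$vault lacks diff=ansible-vault"
    git -C "$repo" config --get diff.ansible-vault.textconv >/dev/null ||
        fail "diff.ansible-vault.textconv is not set"
    # ... and must still be ciphertext on disk, since diffs now read as plaintext.
    case $(head -n 1 "$repo/$vault") in
        '$ANSIBLE_VAULT;'*) ;;
        *) fail "$vault is not encrypted" ;;
    esac
    # Informational: the textconv cache keeps decrypted output in the local repo.
    if [ "$(git -C "$repo" config --bool --get diff.ansible-vault.cachetextconv)" = true ]; then
        echo "NOTE: decrypted diffs are cached under refs/notes/textconv/ansible-vault"
    fi
    return "$fails"
}

# Throwaway repo following the steps above; every value in it is constructed.
make_demo_repo() {
    d=$(mktemp -d) && git init -q "$d" || return 1
    (umask 077; echo constructed-demo-password > "$d/.vault_password")
    echo .vault_password > "$d/.gitignore"
    echo 'sample.vault.yml diff=ansible-vault merge=binary' > "$d/.gitattributes"
    printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' 0000 > "$d/sample.vault.yml"
    git -C "$d" config diff.ansible-vault.textconv 'ansible-vault view'
    git -C "$d" config diff.ansible-vault.cachetextconv true
    echo "$d"
}

demo=$(make_demo_repo) && check_vault_diff_setup "$demo" sample.vault.yml .vault_password
echo "failed checks: $?"
rm -rf "$demo"
```
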

Check file differences

Now git diff will show the differences in the vault file.

$ git diff
diff --git i/sample.vault.yml w/sample.vault.yml
index 0a181e0..658372b 100644
--- i/sample.vault.yml
+++ w/sample.vault.yml
@@ -1,2 +1,2 @@
---
-test = test
+test = testtest
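
Review bot: the changed line `test = testtest` uses `=` where YAML expects `key: value`, so under the `---` marker the file parses as a single string and not as a mapping. If this value is meant to be loaded as a variable, write it as `test: testtest`.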

End

Diffs of files encrypted with ansible-vault are now visible, making it easier to notice inadvertent mistakes.
