Update ansible-vault manpage to describe new encrypt/decrypt behaviour
parent 090cfc9e03
commit 4afe1cf422
2 changed files with 49 additions and 9 deletions
|
@ -1,13 +1,13 @@
|
|||
'\" t
|
||||
.\" Title: ansible-vault
|
||||
.\" Author: [see the "AUTHOR" section]
|
||||
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
|
||||
.\" Date: 07/28/2015
|
||||
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
|
||||
.\" Date: 08/27/2015
|
||||
.\" Manual: System administration commands
|
||||
.\" Source: Ansible 2.0.0
|
||||
.\" Language: English
|
||||
.\"
|
||||
.TH "ANSIBLE\-VAULT" "1" "07/28/2015" "Ansible 2\&.0\&.0" "System administration commands"
|
||||
.TH "ANSIBLE\-VAULT" "1" "08/27/2015" "Ansible 2\&.0\&.0" "System administration commands"
|
||||
.\" -----------------------------------------------------------------
|
||||
.\" * Define some portability stuff
|
||||
.\" -----------------------------------------------------------------
|
||||
|
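Review bot: The Generator comment in the header moves from DocBook XSL Stylesheets v1.78.1 to v1.76.1 while the date advances from 07/28/2015 to 08/27/2015, so the page appears to have been regenerated with an older toolchain than the previous build. Regenerate with the same stylesheet version as before, or keep the generated header out of the commit, so that the diff to this file carries only the documentation change and later regenerations do not flip the version back and forth.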
@ -80,19 +80,35 @@ The \fBedit\fR sub\-command is used to modify a file which was previously encryp
|
|||
This command will decrypt the file to a temporary file and allow you to edit the file, saving it back when done and removing the temporary file\&.
|
||||
.SH "REKEY"
|
||||
.sp
|
||||
*$ ansible\-vault rekey [options] FILE_1 [FILE_2, \&..., FILE_N]
|
||||
\fB$ ansible\-vault rekey [options] FILE_1 [FILE_2, \&..., FILE_N]\fR
|
||||
.sp
|
||||
The \fBrekey\fR command is used to change the password on a vault\-encrypted files\&. This command can update multiple files at once, and will prompt for both the old and new passwords before modifying any data\&.
|
||||
.SH "ENCRYPT"
|
||||
.sp
|
||||
*$ ansible\-vault encrypt [options] FILE_1 [FILE_2, \&..., FILE_N]
|
||||
\fB$ ansible\-vault encrypt [options] FILE_1 [FILE_2, \&..., FILE_N]\fR
|
||||
.sp
|
||||
The \fBencrypt\fR sub\-command is used to encrypt pre\-existing data files\&. As with the \fBrekey\fR command, you can specify multiple files in one command\&.
|
||||
.sp
|
||||
Starting with version 2\&.0, the \fBencrypt\fR command accepts an \fB\-\-output FILENAME\fR option to determine where encrypted output is stored\&. With this option, input is read from the (at most one) filename given on the command line; if no input file is given, input is read from stdin\&. Either the input or the output file may be given as \fI\-\fR for stdin and stdout respectively\&. If neither input nor output file is given, the command acts as a filter, reading plaintext from stdin and writing it to stdout\&.
|
||||
.sp
|
||||
Thus any of the following invocations can be used:
|
||||
.sp
|
||||
\fB$ ansible\-vault encrypt\fR
|
||||
.sp
|
||||
\fB$ ansible\-vault encrypt \-\-output OUTFILE\fR
|
||||
.sp
|
||||
\fB$ ansible\-vault encrypt INFILE \-\-output OUTFILE\fR
|
||||
.sp
|
||||
\fB$ echo secret|ansible\-vault encrypt \-\-output OUTFILE\fR
|
||||
.sp
|
||||
Reading from stdin and writing only encrypted output is a good way to prevent sensitive data from ever hitting disk (either interactively or from a script)\&.
|
||||
.SH "DECRYPT"
|
||||
.sp
|
||||
*$ ansible\-vault decrypt [options] FILE_1 [FILE_2, \&..., FILE_N]
|
||||
\fB$ ansible\-vault decrypt [options] FILE_1 [FILE_2, \&..., FILE_N]\fR
|
||||
.sp
|
||||
The \fBdecrypt\fR sub\-command is used to remove all encryption from data files\&. The files will be stored as plain\-text YAML once again, so be sure that you do not run this command on data files with active passwords or other sensitive data\&. In most cases, users will want to use the \fBedit\fR sub\-command to modify the files securely\&.
|
||||
.sp
|
||||
As with \fBencrypt\fR, the \fBdecrypt\fR subcommand also accepts the \fB\-\-output FILENAME\fR option to specify where plaintext output is stored, and stdin/stdout is handled as described above\&.
|
||||
.SH "AUTHOR"
|
||||
.sp
|
||||
Ansible was originally written by Michael DeHaan\&. See the AUTHORS file for a complete list of contributors\&.
|
||||
|
|
|
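Review bot: The last ENCRYPT example, "$ echo secret|ansible-vault encrypt --output OUTFILE", sits directly above the sentence saying that reading from stdin keeps sensitive data from ever hitting disk, but a secret typed as an argument to echo is normally saved in the interactive shell's history file. Replace the example with one where the plaintext comes from another program's output or from typed stdin input, or add a sentence saying the plaintext should not appear on the command line itself.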
@ -84,7 +84,7 @@ file, saving it back when done and removing the temporary file.
|
|||
REKEY
|
||||
-----
|
||||
|
||||
*$ ansible-vault rekey [options] FILE_1 [FILE_2, ..., FILE_N]
|
||||
*$ ansible-vault rekey [options] FILE_1 [FILE_2, ..., FILE_N]*
|
||||
|
||||
The *rekey* command is used to change the password on a vault-encrypted files.
|
||||
This command can update multiple files at once, and will prompt for both the
|
||||
|
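Review bot: The context line right below the corrected synopsis still reads "change the password on a vault-encrypted files", which mixes singular and plural. Since this hunk already touches the REKEY section to close the emphasis marker, fix that sentence too ("on vault-encrypted files") so the source and the regenerated man page both pick it up.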
@ -93,21 +93,45 @@ old and new passwords before modifying any data.
|
|||
ENCRYPT
|
||||
-------
|
||||
|
||||
*$ ansible-vault encrypt [options] FILE_1 [FILE_2, ..., FILE_N]
|
||||
*$ ansible-vault encrypt [options] FILE_1 [FILE_2, ..., FILE_N]*
|
||||
|
||||
The *encrypt* sub-command is used to encrypt pre-existing data files. As with the
|
||||
*rekey* command, you can specify multiple files in one command.
|
||||
|
||||
Starting with version 2.0, the *encrypt* command accepts an *--output FILENAME*
|
||||
option to determine where encrypted output is stored. With this option, input is
|
||||
read from the (at most one) filename given on the command line; if no input file
|
||||
is given, input is read from stdin. Either the input or the output file may be
|
||||
given as '-' for stdin and stdout respectively. If neither input nor output file
|
||||
is given, the command acts as a filter, reading plaintext from stdin and writing
|
||||
it to stdout.
|
||||
|
||||
Thus any of the following invocations can be used:
|
||||
|
||||
*$ ansible-vault encrypt*
|
||||
|
||||
*$ ansible-vault encrypt --output OUTFILE*
|
||||
|
||||
*$ ansible-vault encrypt INFILE --output OUTFILE*
|
||||
|
||||
*$ echo secret|ansible-vault encrypt --output OUTFILE*
|
||||
|
||||
Reading from stdin and writing only encrypted output is a good way to prevent
|
||||
sensitive data from ever hitting disk (either interactively or from a script).
|
||||
|
||||
DECRYPT
|
||||
-------
|
||||
|
||||
*$ ansible-vault decrypt [options] FILE_1 [FILE_2, ..., FILE_N]
|
||||
*$ ansible-vault decrypt [options] FILE_1 [FILE_2, ..., FILE_N]*
|
||||
|
||||
The *decrypt* sub-command is used to remove all encryption from data files. The files
|
||||
will be stored as plain-text YAML once again, so be sure that you do not run this
|
||||
command on data files with active passwords or other sensitive data. In most cases,
|
||||
users will want to use the *edit* sub-command to modify the files securely.
|
||||
|
||||
As with *encrypt*, the *decrypt* subcommand also accepts the *--output FILENAME*
|
||||
option to specify where plaintext output is stored, and stdin/stdout is handled
|
||||
as described above.
|
||||
|
||||
AUTHOR
|
||||
------
|
||||
|
|
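Review bot: The new ENCRYPT paragraph says that with --output the input is read from "the (at most one) filename given on the command line", yet the synopsis above it still shows FILE_1 [FILE_2, ..., FILE_N] and nothing states what happens when --output is combined with several input files. Say whether that combination is rejected, and give the --output form its own synopsis line. The same gap applies to DECRYPT, whose new paragraph only refers back with "as described above" and leaves the older sentence "The files will be stored as plain-text YAML once again" unqualified even though plaintext can now go to stdout or a separate file.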