{"id":5847,"library":"ansible-vault","title":"ansible-vault Python Library","description":"ansible-vault is a Python library designed for programmatic interaction with Ansible Vault encrypted files and strings. It provides a compatible interface to encrypt and decrypt data, allowing Python applications to read from or write to Ansible Vault YAML files. The current version is 4.1.0, and it is actively maintained as a community fork of the original `sivel/ansible-vault` project.","status":"active","version":"4.1.0","language":"en","source_language":"en","source_url":"https://github.com/tomoh1r/ansible-vault","tags":["ansible","vault","encryption","yaml","security"],"install":[{"cmd":"pip install ansible-vault","lang":"bash","label":"Install latest version"}],"dependencies":[{"reason":"Required for YAML parsing and serialization.","package":"PyYAML"},{"reason":"Provides the underlying cryptographic primitives for encryption and decryption.","package":"cryptography"},{"reason":"A dependency, likely for safe string handling or templating, used by `cryptography` or `PyYAML` indirectly.","package":"MarkupSafe"}],"imports":[{"note":"The main `Vault` class is directly accessible from the top-level package.","wrong":"from ansible_vault.vault import Vault","symbol":"Vault","correct":"from ansible_vault import Vault"}],"quickstart":{"code":"import os\nfrom ansible_vault import Vault\n\n# Get password from environment for security, or provide directly\nvault_password = os.environ.get('ANSIBLE_VAULT_PASSWORD', 'your_secret_password').encode()\n\nvault = Vault(vault_password)\n\n# 1. Encrypt and decrypt a string\noriginal_string = 'my_secret_data'\nencrypted_string = vault.encrypt(original_string)\ndecrypted_string = vault.decrypt(encrypted_string)\n\nprint(f\"Original: {original_string}\")\nprint(f\"Encrypted: {encrypted_string[:20]}...\") # Truncate for display\nprint(f\"Decrypted: {decrypted_string}\")\n\n# 2. Encrypt and decrypt a YAML file\n# Create a dummy vault file\nfile_content = {\n    'database': {\n        'host': 'localhost',\n        'username': 'dbuser',\n        'password': 'dbpassword123'\n    },\n    'api_key': 'supersecretapikey'\n}\n\nvault_file_path = 'my_vault.yml'\nwith open(vault_file_path, 'w') as f:\n    vault.dump(file_content, f)\n\nprint(f\"\\nVault YAML file '{vault_file_path}' created and encrypted.\")\n\n# Load and decrypt the YAML file\nwith open(vault_file_path, 'r') as f:\n    decrypted_yaml_content = vault.load(f)\n\nprint(f\"Decrypted YAML content: {decrypted_yaml_content}\")\n\n# Clean up the dummy file\nos.remove(vault_file_path)\n","lang":"python","description":"This quickstart demonstrates how to initialize the `Vault` object with a password, then encrypt and decrypt a simple string. It also shows how to use `Vault.dump()` to write encrypted YAML content to a file and `Vault.load()` to read and decrypt it."},"warnings":[{"fix":"Always ensure you are installing `ansible-vault` from PyPI to get the actively maintained version. If migrating from `sivel/ansible-vault`, verify API compatibility and potential behavioral changes.","message":"This `ansible-vault` package (`tomoh1r/ansible-vault`) is a fork of the original, unmaintained `sivel/ansible-vault`. Users might mistakenly install or confuse it with the unmaintained version.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Always provide the password as bytes, e.g., `Vault(b'your_password')` or `Vault(os.environ.get('KEY').encode())`.","message":"The `Vault` constructor expects a bytes object for the password, not a plain string. Passing a string will result in a `TypeError`.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Ensure you open the file in the correct mode ('w' for write, 'r' for read) and pass the file handle to the `dump` or `load` method, for example: `with open('vault.yml', 'w') as f: vault.dump(data, f)`.","message":"When encrypting or decrypting YAML, `Vault.dump()` and `Vault.load()` operate on file-like objects (opened file handles) directly, not file paths.","severity":"gotcha","affected_versions":"All versions"}],"env_vars":null,"last_verified":"2026-04-14T00:00:00.000Z","next_check":"2026-07-13T00:00:00.000Z"}