From a64266e7f5e4cf2aefcf57e9a001d6e255d43070 Mon Sep 17 00:00:00 2001 From: fajpunk Date: Wed, 28 Sep 2016 15:23:52 -0500 Subject: [PATCH] Document `copy` module vault decryption behavior (#17777) --- docsite/rst/playbooks_vault.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docsite/rst/playbooks_vault.rst b/docsite/rst/playbooks_vault.rst index bcdbcfb253..04a50ddd95 100644 --- a/docsite/rst/playbooks_vault.rst +++ b/docsite/rst/playbooks_vault.rst @@ -18,6 +18,8 @@ The vault feature can encrypt any structured data file used by Ansible. This ca Ansible tasks, handlers, and so on are also data so these can be encrypted with vault as well. To hide the names of variables that you're using, you can encrypt the task files in their entirety. However, that might be a little too much and could annoy your coworkers :) +The vault feature can also encrypt arbitrary files, even binary files. If a vault-encrypted file is given as the `src` argument to the `copy` module, the file will be placed at the destination on the target host decrypted (assuming a valid vault password is supplied when running the play). + .. _creating_files: Creating Encrypted Files