---
title: Change the Vault Passwords
description: Ping Autonomous Identity uses the ansible vault to store passwords in encrypted files, rather than in plaintext. Ping Autonomous Identity stores the vault file at /autoid-config/vault.yml saves the encrypted passwords to /config/.autoid_vault_password . The /config/ mount is internal to the deployer container. The default encryption algorithm used is AES256.
component: autonomous-identity
version: 2022.11.12
page_id: autonomous-identity:admin-guide:chap-change-vault-passwords
canonical_url: https://docs.pingidentity.com/autonomous-identity/2022.11.12/admin-guide/chap-change-vault-passwords.html
---

# Change the Vault Passwords

Ping Autonomous Identity uses the ansible vault to store passwords in encrypted files, rather than in plaintext. Ping Autonomous Identity stores the vault file at `/autoid-config/vault.yml` saves the encrypted passwords to `/config/.autoid_vault_password` . The `/config/` mount is internal to the deployer container. The default encryption algorithm used is AES256.

By default, the `/autoid-config/vault.yml` file uses the following parameters:

```
configuration_service_vault:
  basic_auth_password: Welcome123

openldap_vault:
  openldap_password: Welcome123

cassandra_vault:
  cassandra_password: Welcome123
  cassandra_admin_password: Welcome123

mongo_vault:
  mongo_admin_password: Welcome123
  mongo_root_password: Welcome123

elastic_vault:
  elastic_admin_password: Welcome123
  elasticsearch_password: Welcome123
```

Assume that the vault file is encrypted during the installation. To edit the file:

Edit the Vault file:

1. Change to the `/autoid-config/` directory.

   ```
   $ cd ~/autoid-config/
   ```

2. First, decrypt the vault file.

   ```
   $ ./deployer.sh decrypt-vault
   ```

3. Open a text editor and edit the `vault.yml` file.

4. Encrypt the file again.

   ```
   $ ./deployer.sh encrypt-vault
   ```