I've been searching all over but there's not much on what the Ansible vault password file should look like.
For example I would like to do:
ANSIBLE_VAULT_PASSWORD_FILE=./pwdfile ansible-vault edit secrets.yml
But I have no idea what format ./pwdfile should be.
The content of an Ansible vault password file should contain only the password for the Ansible vault.
Somewhat vaguely described in the official documentation: https://docs.ansible.com/ansible/latest/user_guide/vault.html#setting-a-default-password-source
That is, if you do:
$ ansible-vault create secrets.yml
New Vault password: 1234
Confirm New Vault password: 1234
Then you can create a password file pwdfile with the contents:
1234
And invoke ansible-vault edit like:
ANSIBLE_VAULT_PASSWORD_FILE=./pwdfile ansible-vault edit secrets.yml
Note you can also pass --vault-password-file or --vault-id instead of setting the environment variable as described here: https://docs.ansible.com/ansible/latest/reference_appendices/config.html#envvar-ANSIBLE_VAULT_PASSWORD_FILE
Most of how to use the Ansible vault is described here: https://docs.ansible.com/ansible/latest/user_guide/vault.html
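An added example, not part of the original answer: a shell sketch that creates the password file with owner-only permissions and then checks it holds only the password, is not executable (Ansible runs an executable password file as a script and uses its output as the password), and is not readable by other users. The helper names `write_vault_pwfile` and `check_vault_pwfile` are hypothetical.

```shell
#!/bin/sh
# Added example; write_vault_pwfile and check_vault_pwfile are hypothetical
# helper names, not ansible-vault subcommands.

# Create the password file from stdin with owner-only permissions.
write_vault_pwfile() {
    ( umask 077 && cat > "$1" ) && chmod 600 "$1"
}

# Return 0 if the file is safe to use as a plain password file, 1 otherwise.
check_vault_pwfile() {
    f=$1
    rc=0
    if [ ! -f "$f" ]; then
        echo "error: $f is not a regular file" >&2
        return 1
    fi
    # Ansible runs an executable password file as a script and takes the
    # password from its stdout, so a plain file must not be executable.
    if [ -x "$f" ]; then
        echo "error: $f is executable and would be run as a script" >&2
        rc=1
    fi
    # Characters 5-10 of the ls mode string are the group/other bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "error: $f is accessible to group/other ($perms)" >&2
        rc=1
    fi
    # The file should hold only the password: exactly one non-blank line.
    nonblank=$(awk 'NF { n++ } END { print n + 0 }' "$f")
    if [ "$nonblank" -ne 1 ]; then
        echo "error: $f has $nonblank non-blank lines, expected 1" >&2
        rc=1
    fi
    return "$rc"
}

# Usage (1234 is the constructed sample password from the answer above):
#   printf '%s\n' 1234 | write_vault_pwfile ./pwdfile
#   check_vault_pwfile ./pwdfile &&
#       ANSIBLE_VAULT_PASSWORD_FILE=./pwdfile ansible-vault edit secrets.yml
```

Ansible strips surrounding whitespace when it reads the file, so the trailing newline written by `printf` does not become part of the password.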