diff --git a/commands.py b/commands.py
index 5990bf5..297d5ee 100644
--- a/commands.py
+++ b/commands.py
@@ -8,7 +8,7 @@
 
 log = logging.getLogger(__name__)
 
-ANSIBLE_COMMAND_TEMPLATE = 'ansible-vault {command} {extra_flags} {vault_password} "{vault_file}"'
+ANSIBLE_COMMAND_TEMPLATE = 'ansible-vault {command} {extra_flags} {vault_password} {vault_file}'
 GETPASS_WARNING = "Warning: Password input may be echoed.\nVault password: "
 
 
@@ -16,7 +16,7 @@ class AnsibleVaultBase:
     open_new_tab = False
     command = None
     password = None
-    vault_file_path = None
+    vault_data = None
     extra_flags = ''
 
     @property
@@ -57,8 +57,8 @@ def get_setting(self, key, default=None):
 
         return settings.get(key, default)
 
-    def prompt_vault_password(self, edit, vault_file_path):
-        bound_vault_command = partial(self.run_vault_command, edit, vault_file_path)
+    def prompt_vault_password(self, edit, vault_data, region):
+        bound_vault_command = partial(self.run_vault_command, edit, vault_data, region)
         self.view.window().show_input_panel('Vault Password', '', bound_vault_command, self.on_change, self.on_cancel)
 
     def on_change(self, password):
@@ -67,42 +67,65 @@ def on_change(self, password):
     def on_cancel(self):
         pass
 
-    def ansible_vault(self, edit, vault_file_path):
+    def ansible_vault(self, edit, vault_data, region, data_text=False):
         # Use a password file is one is present
         if self.password_file != '':
-            return self.run_vault_command(edit, vault_file_path, self.password_file, password_from_file=True)
+            return self.run_vault_command(edit, vault_data, region, self.password_file, data_text, password_from_file=True)
+
+        # Back out if we're doing area selection as password file is the only one that works
+        if data_text is True:
+            sublime.error_message("Text selection is only supported with a vault pass file")
+            return
 
         # Use a password if one is present
         if self.password != '':
-            return self.run_vault_command(edit, vault_file_path, self.password)
+            return self.run_vault_command(edit, vault_data, region, self.password, data_text)
 
         # No configured password, fallback to a prompt
-        self.prompt_vault_password(edit, vault_file_path)
+        self.prompt_vault_password(edit, vault_data, region)
 
-    def run_vault_command(self, edit, vault_file_path, password, password_from_file=False):
+    def get_selection(self, edit, decrpyt = False):
+        selections = self.view.sel()
+        if len(selections[0]) < 1:
+            region = sublime.Region(0, self.view.size())
+            vault_file = '"{}"'.format(self.view.file_name())
+            self.ansible_vault(edit, vault_file, region)
+            return
+
+        for region in selections:
+            text = self.view.substr(region)
+            if decrpyt:
+                text = text.replace(" ", "")
+                text = text.replace("   ", "")
+            self.ansible_vault(edit, text, region, True)
+
+    def run_vault_command(self, edit, vault_data, region, password, data_text=False, password_from_file=False):
         vault_password_flag = '--vault-password-file "%s"' % password
-        password_input = None
+        vault_input = ''
 
         if password_from_file is False:
             vault_password_flag = '--ask-vault-pass'
-            password_input = password
+            vault_input = password
+
+        if data_text is True:
+            vault_input = vault_data
+            vault_data = ''
 
         command = ANSIBLE_COMMAND_TEMPLATE.format(
             vault_password=vault_password_flag,
             command=self.command,
-            vault_file=vault_file_path,
+            vault_file=vault_data,
             extra_flags=self.extra_flags,
         )
         with Popen([command], stdin=PIPE, stdout=PIPE, stderr=PIPE, shell=True, universal_newlines=True) as proc:
-            output, error = proc.communicate(input=password_input)
+            output, error = proc.communicate(input=vault_input)
 
         if self.error_handler(error) is True:
             return
 
         if self.open_new_tab is True:
-            self.view.run_command('ansible_vault_output', {'output': output, 'title': vault_file_path})
+            self.view.run_command('ansible_vault_output', {'output': output, 'title': vault_data})
         else:
-            region = sublime.Region(0, self.view.size())
             self.view.replace(edit, region, output)
 
     def error_handler(self, error):
@@ -147,14 +170,11 @@ class AnsibleVaultDecryptCommand(AnsibleVaultBase, sublime_plugin.TextCommand):
     extra_flags = '--output=-'
 
     def run(self, edit):
-        vault_file = self.view.file_name()
-        self.ansible_vault(edit, vault_file)
-
+        self.get_selection(edit, True)
 
 class AnsibleVaultEncryptCommand(AnsibleVaultBase, sublime_plugin.TextCommand):
     command = 'encrypt'
     extra_flags = '--output=-'
 
     def run(self, edit):
-        vault_file = self.view.file_name()
-        self.ansible_vault(edit, vault_file)
+        self.get_selection(edit)