Vaulted variables missing, password accepted

Ryan Fisher

Nov 21, 2017, 7:33:53 PM
to Ansible Project
I'm having an odd issue with vaulted variable files when running playbooks from my local machine. The vaulted vars are not defined, even though I am supplying the correct password at the prompt. I've also tried using --vault-password-file and the outcome doesn't change.

I'm not sure how to troubleshoot this. The vaulted vars are working fine when I run the playbook from a remote Jenkins box; they only fail locally. Could there be something in my local ansible.cfg, or a setting in another area that Ansible is looking at, that would override the supplied vault password?

Here is an example playbook:

---

- hosts: all
  gather_facts: False
  become: False
  tasks:

    - name: Test unvaulted var
      debug:
        var: msr_office_ip

    - name: Test vaulted var
      debug:
        var: vaulted_var


And some output showing the problem:

$ ansible-playbook --vault-id @prompt -i environments/test run_ping_test.yml
Vault password (default):

PLAY [all] ***************************************************************************************

TASK [Test unvaulted var] ************************************************************************
ok: [127.0.0.1] => {
    "unvaulted_var": "this text is not vaulted"
}

TASK [Test vaulted var] **************************************************************************
ok: [127.0.0.1] => {
    "vaulted_var": "VARIABLE IS NOT DEFINED!"
}

PLAY RECAP ***************************************************************************************
127.0.0.1                  : ok=2    changed=0    unreachable=0    failed=0


And the contents of test.vault:
 
$ ansible-vault view environments/test/group_vars/all/test.vault
Vault password:
---

vaulted_var: this text is vaulted
 

Anyone have any idea what I am doing wrong? TIA