Difficulty including files with password variables in.

[Jonty Needham]

I have the following playbook:

---
-
  hosts: localhost
  tasks:
  - include_vars:
      file: /path/to/my/vault/encrypted/file
      name: secrets
  - subversion:
      repo: https://path/to/my/repo
      dest: /tmp/checkout
      username: username
      password: secrets.svn_pass
      export: yes


with the password file containing

svn_pass: my_svn_password

Yet the playbook fails with an authentication issue, but if I put the password in in plaintext (obviously for testing!) the state passes smoothly. What's going wrong here?

[Jinesh Choksi]

Hard to say with the information given.

Can you add a debug task before the subversion one to confirm that the vault encrypted password is correctly decrypted:

- debug: var=secrets.svn_pass

If you see its vaule is still in the encrypted form then, confirm if you are running the playbook with Vault correctly by looking at: link

Also, you can add -vvv to the ansible-playbook command line to get a more verbose output. e.g.

ansible-playbook -vvv play.yml --ask-vault-pass

[Johannes Kastl]

On 31.01.17 17:02 Jonty Needham wrote:

> password: secrets.svn_pass

Aren't double curly braces needed here?

password: "{{ secrets.svn_pass }}"

And: why the secrets prefix? The variable only does not suffice?

Johannes