Ansible-vault password file not found
3,110 views
Skip to first unread message
JiElPe-Fr38
Mar 8, 2018, 5:49:16 AM3/8/18
to Ansible Project
Dear all,
I am "auto learning" ansible and currently try to understand how to use vault.
To summarize things, I have created a vault.yml file in the vars directory, and included it in the main.yml task. Then, I put the vault password within a .vault_passwd file created at the same level than ansible.cfg.
When I run :
I am "auto learning" ansible and currently try to understand how to use vault.
To summarize things, I have created a vault.yml file in the vars directory, and included it in the main.yml task. Then, I put the vault password within a .vault_passwd file created at the same level than ansible.cfg.
When I run :
ansible-playbook with --vault-password-file .vault_passwd
It is ok.
So, I tried to put the vault password file path within ansible.cfg as follows :
vault_password_file = .vault_passwd
When running the playbook (without --vault-password-file ), it fails with :
fatal: [ci-server]: FAILED! => {
"ansible_facts": {},
"ansible_included_var_files": [],
"changed": false,
"message": "Attempting to decrypt but no vault secrets found"
}
at the line were the vault.yml file is imported. So, it looks like if it does not find the vault password file to decrypt the vault file.
I can't understand why, and have already tried with the aboslute path, or changing _ with -, just in case documentation had a typo... but without any success.
If someone could have an idea to help, I would be glad.
Have a nice day!
J-L
Richard Sobey
Mar 8, 2018, 6:15:04 AM3/8/18
to Ansible Project
You may want to check with "ansible-playbook -v ..." that ansible is picking the correct .cfg file.
Richard
--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscribe@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/1029fe38-50d2-45ce-806c-b9097b9f2e7f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
JiElPe-Fr38
Mar 8, 2018, 8:03:18 AM3/8/18
to Ansible Project
Thanks for the idea...
In fact, I already used the verbose mode, so yes I can confirm that it uses the awaited config file.
Which is not a good news, because it would have been a good reason for the problem.
J-L
In fact, I already used the verbose mode, so yes I can confirm that it uses the awaited config file.
Which is not a good news, because it would have been a good reason for the problem.
J-L
haohao qiang
Feb 18, 2020, 6:56:23 AM2/18/20
to Ansible Project
Hello, i have the same issue, did you resolved? How to make it work!
在 2018年3月8日星期四 UTC+8下午9:03:18,JiElPe-Fr38写道:
在 2018年3月8日星期四 UTC+8下午9:03:18,JiElPe-Fr38写道:
Max Haase
Feb 19, 2020, 1:57:24 PM2/19/20
to Ansible Project
Sometimes we have several encryption keys for several projects.
Take a look at your /etc/ansible/ansible.cfg
# find this line
vault_identity_list = default@/home/dude/vault_password, admin@/home/dude/admin_pass, project@/home/dude/project
If you only have 1 encryption key to work with, then it's the default, it'd look like /home/dude/file_containing_the_key
/Max
On Tuesday, February 18, 2020 at 12:56:23 PM UTC+1, haohao qiang wrote:
Hello, i have the same issue, did you resolved? How to make it work!
Reply all
Reply to author
Forward
0 new messages