New to the group, glad to be here. To not waste too much of anyone’s time, I will get straight to it.
When I run some Ansible Playbooks, I now suddenly get this error message:
[The below changed for reasons of internal security]
fatal: [MAS-01]: FAILED! => {“ansible_facts”: {}, “ansible-included-files”: , “changed”: false, “message”: “Attempting to decrypt but no vault secrets found”}
I haven’t changed anything anywhere, all I do is a “git pull” every Monday or so. When I use “ansible-vault” to read my vault secrets file locally, the content is decrypted and displayed just fine.
Why has this suddenly started happening? I tried re-cloning my Ansible dir, no luck.
how do you enter the vault password? Has this changed somehow? Are you sure you are passing the right vault password? You seem to do when you use ansible-vault but did you do the same for calling ansible normally?
I know trhese questions seem to be like very simple, but i often enough had errors there mysqlf, which where only to blame myself; so I asking these with founded reasons
Are you making sure that you’re using the same ansible.cfg with the value for “vault_password_file” set correctly each time you run the playbook? Since it says “no vault secrets found”, it sounds like it could not be reading that value in from the config file. And just running the playbook from a different directory could cause it not to use the correct ansible.cfg.
Or are you specifying the filename containing the password using the --vault-password-file command-line option instead of using ansible.cfg?
@ej Yes, “–vault-password-file” is being used. I’m not manually supplying/managing Vault passwords and the playbook is being run from the same dir as always.
@Lars Absolutely nothing has been changed by conscious action from my side. I just suddenly got hit by this after having used the same Playbook (the exact same command) 200+ times. I use “–vault-password-file” in the run-command.
ap --vault-password-file=.vault.pw -t ktb -l MAS-01
Is being run while standing my Ansible source dir where the .vault.pw file is also placed, so why does the reading of that file fail, when it can be decrypted and read just fine using the “ansible-vault…” command?
And thx the for the replies BTW. This is a bit of a head-scratcher, because it should “just work” as I see it.