Ansible-vault password file not found

Dear all,

I am “auto learning” Ansible and am currently trying to understand how to use vault.
To summarize things, I have created a vault.yml file in the vars directory, and included it in the main.yml task. Then, I put the vault password within a .vault_passwd file created at the same level as ansible.cfg.

When I run:

```
ansible-playbook with --vault-password-file .vault_passwd
```

It is ok.

So, I tried to put the vault password file path within ansible.cfg as follows:

```
vault_password_file = .vault_passwd
```

When running the playbook (without --vault-password-file), it fails with:

```
fatal: [ci-server]: FAILED! => {
"ansible_facts": {},
"ansible_included_var_files": ,
"changed": false,
"message": "Attempting to decrypt but no vault secrets found"
}
```

at the line where the vault.yml file is imported. So, it looks as if it does not find the vault password file to decrypt the vault file.

I can't understand why, and have already tried with the absolute path, or changing _ with -, just in case the documentation had a typo... but without any success.

If someone could have an idea to help, I would be glad.

Have a nice day!

J-L

You may want to check with “ansible-playbook -v …” that ansible is picking the correct .cfg file.

Richard

Thanks for the idea…
In fact, I already used the verbose mode, so yes I can confirm that it uses the awaited config file.
Which is not good news, because it would have been a good reason for the problem.

J-L

Hello, I have the same issue, did you resolve it? How to make it work?

On Thursday, March 8, 2018 at 9:03:18 PM UTC+8, JiElPe-Fr38 wrote:

Sometimes we have several encryption keys for several projects.
Take a look at your /etc/ansible/ansible.cfg

Find this line:

```
vault_identity_list = default@/home/dude/vault_password, admin@/home/dude/admin_pass, project@/home/dude/project
```

If you only have 1 encryption key to work with, then it’s the default, it’d look like /home/dude/file_containing_the_key

/Max
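
A local check for the setup discussed in this thread, added here as an example and not part of any poster's message: it reports whether `vault_password_file` or `vault_identity_list` sit under `[defaults]` in a given ansible.cfg, whether each path resolves to a file, and whether that file's mode is wider than owner-only. It assumes relative paths resolve against the directory holding ansible.cfg; `check_vault_config` and `demo` are names introduced for this example, and the sample files are constructed.

```python
import configparser, os, stat, tempfile

def check_vault_config(cfg_path):
    """Return findings about the vault password settings in one ansible.cfg."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read(cfg_path)
    keys = ("vault_password_file", "vault_identity_list")
    findings = [f"{k} is in [{s}], expected [defaults]"
                for s in cfg.sections() if s != "defaults"
                for k in keys if cfg.has_option(s, k)]
    paths = []
    if cfg.has_option("defaults", "vault_password_file"):
        paths.append(cfg.get("defaults", "vault_password_file"))
    if cfg.has_option("defaults", "vault_identity_list"):
        for item in cfg.get("defaults", "vault_identity_list").split(","):
            paths.append(item.strip().split("@", 1)[-1])  # "label@path" or bare path
    if not paths and not findings:
        findings.append("no vault password source configured")
    base = os.path.dirname(os.path.abspath(cfg_path))
    for p in paths:
        full = os.path.expanduser(p)
        if not os.path.isabs(full):
            full = os.path.join(base, full)  # assumption: relative to ansible.cfg
        if not os.path.isfile(full):
            findings.append(f"{p}: not found (resolved to {full})")
            continue
        mode = stat.S_IMODE(os.stat(full).st_mode)
        if mode & 0o077:
            findings.append(f"{p}: accessible by group/other (mode {oct(mode)})")
        if mode & 0o111:
            findings.append(f"{p}: executable, so Ansible runs it as a script")
    return findings

def demo():
    """Constructed sample: password file missing, then mode 0644, then 0600."""
    d = tempfile.mkdtemp()
    cfg, pw = os.path.join(d, "ansible.cfg"), os.path.join(d, ".vault_passwd")
    with open(cfg, "w") as f:
        f.write("[defaults]\nvault_password_file = .vault_passwd\n")
    results = [check_vault_config(cfg)]
    with open(pw, "w") as f:
        f.write("constructed-sample-password\n")
    for mode in (0o644, 0o600):
        os.chmod(pw, mode)
        results.append(check_vault_config(cfg))
    return results

if __name__ == "__main__":
    print(demo())
```

An empty list means the settings are where Ansible reads them and the password file is owner-only and not executable.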