Ansible Vault with Ansible 2.0.0.2 copying encrypted files to server

Has anyone else experienced this issue with ansible vault when provisioning?

The task:

  • name: set up bitbucket key
    copy: src=roles/users/files/{{ item.username }}/bitbucket dest=/home/{{ item.username }}/.ssh/bitbucket owner=ash group=ash mode=0644
    with_items: users

“src=roles/users/files/{{ item.username }}/bitbucket” is a file encrypted with ansible vault and is the only encrypted file in the playbook.

Provisioning with:
ansible-playbook -i ansible/production_inventory -l webservers ansible/playbook.yml --vault-password-file=~/.ansible_vault_pass.txt
does copy the file to the server but the file remains encrypted.

Currently vault only works for variables, not actual files being copied. There are a couple of pull requests that implement this in the queue.

The way to currently make this work, is to assign the content of the files into a variable that is then put in an encrypted vars file and use the copy: content='{{varname}}' ....

Thanks Brian, that all makes sense now!