AWX - Can not sync Inventory from Project Source

In AWX, I would like to create an inventory from the project source. When I try to sync, I get an error:

ERROR! Attempting to decrypt but no vault secrets found

The inventory file is not encrypted with Ansible Vault. I have also created credentials for Git and Vault, but I am unable to select them.

AWX operator version: 2.19.0
AWX version: 24.6.0

do you an ansible.cfg that might specify a vault file? usually inventory from a project doesn’t require a credential besides selecting the project.

@iyami5 Inventory files can be entirely ansible-vault encrypted or have encrypted vars in otherwise plaintext files. Of course, you need to pass the vault decryption information to ansible someway somehow for it to be consumed. However, you don’t want to have that vault password stored in the project itself that the inventory is sourced from.

@dkoci Unfortunately, and this has been part of recent discussions in the AWX community meetings, there are limitations on what and where credentials types can be used. The ansible-vault credential type (as well as custom credential types), for e.g., cannot be used with inventory sources. The only way to work around this is that I am aware of is to add the vault password information to a custom EE, and specify that EE for the inventory source. Then that EE can automatically decrypt the inventory. You don’t necessarily want to bake this into your global EE, as that may conflict with using ansible-vault credential types in the places they can actually be used.

Hopefully in the near future, AWX will support using more/all credential types in more/all contexts.

I am a bit confused. Why should I use vault password in case of inventory source? My inventory file and ansible.cfg file are not encrypted with ansible-vault. The only thing which is encrypted is some variable which doesnt have anything to do with ineventory source.

probably why its asking you for credentials. Its loading the var or something similar.

1 Like