AWX - Handling Vault Secrets Using Inventory From Source

I’m trying to use an inventory.inifile as a source in AWX (version 24.6.1), but I’m running into issues when the inventory references variables stored in an Ansible Vault.

My inventory.ini looks like this:

[my_servers]
prod01 ansible_host=X.X.X.X cluster_private_ip=10.10.20.1 private_ip_for_ceph=10.10.10.1

[hetzner_servers:vars]
ansible_user=admin
ansible_ssh_private_key_file=./ansible/ssh_keys/{{ ansible_host }}_key
ansible_port=2222
ceph_network=10.10.10.0/24

[all:vars]
ssh_user=admin
ansible_python_interpreter=/usr/bin/python3
db_user=postgres

My project structure is:

.
├── group_vars
│   └── all.yml (encrypted using Ansible vault)
├── inventory.ini
├── inventory_root.ini

The structure of my all.yml file is:

robot_user: "secret"
robot_pass: "secret!"
hetzner_api_token: "secret"
proxmox_api_token: "secret"
haproxy_password: "secret"
db_password: "secret"

root_passwords:
  "X.X.X.X": "secret"

admin_passwords:
  "X.X.X.X": "secret"

When I try to add this inventory in AWX as a “Project” source, I get the following error:
ERROR! Attempting to decrypt but no vault secrets found

I’ve tried pointing AWX to the vault password file, but it still fails to decrypt the variables.

Questions:

  1. How can I configure AWX to properly use an inventory that references vault variables?

  2. Should I add the vault credentials somewhere in AWX, and if so, where?

  3. Is it possible to use inventory.ini directly with vaulted variables, or do I need to restructure it?