need some help with a password in a vault

I have a group of CentOS 7 servers that I want to run a playbook against to set up audit and rsyslog. The systems are currently set up for root ssh with password. One of the later tasks will be to turn off root ssh access, but for now, just need to figure out how to use a vault password file for connection. I created a vault-pw-file with:
echo'vautl-passw'> vault-pw-file

I then created an encrypted copy of the root password with:
ansible-vault encrypt_string--vault-id my_user@~/vault-pw-file'root-password'--name'bb_root'>vault_passwd

I have in my ~/ansible.cfg:
[defaults] inventory =$HOME/hosts vault_password_file=$HOME/vault_passwd

I’m not quite following the documentation about how to actually use the vault password file. If I run:
ansible all -m debug --vault-id my_user@~/vault-pw-file

It gives me a success and “hello world” for each host. If I run:
ansible all -m ping --vault-id my_user@~/vault-pw-file

it says failed to connect to host via ssh.

Sorry, I’m just not following the vault documentation. :frowning:

At first glance I think you are missing a “-e” on the command line and setting the password correctly for the connection with “ansible_ssh_pass=” in your vault file. The user should be defaulting to root but you can set that also.

I don’t think I’m missing an ‘-e?’ My understanding is that “ansible_ssh_pass” is a plain text password. I was trying to avoid having it sit on the file system unencrypted. I ran:
ansible--ask-pass all -a"/bin/date"

and that worked fine. I’m trying to figure out how to use the vault to store and provide the root password. That part I am not quite understanding from the docs.

Thanks!