Trouble with vault multi line password files

Greetings

I have tried to get Ansible vault to use a multi line password file as described in
https://docs.ansible.com/ansible/latest/user_guide/vault.html#storing-vault-passwords
I can not get this to work. I have tried different combinations of the vault-id, vault-password-file, and encrypt-vault-id parameters and it seems like vault uses the entire file for its password rather than a specific line matching the vault id.
For example: create a file f containing some plaintext and a file p with the 2 lines:
v pass
v2 pass2

This works:
ansible-vault encrypt --vault-id v@p f
And this also works:
ansible-vault edit --vault-id v@p f
But then if I change the contents of p, say I remove the second line, then I instead get this error: “ERROR! Decryption failed (no vault secrets were found that could decrypt) for /tmp/tmp.CmrXnTscYP/f”

Ansible is installed from pip on Ubuntu 20.04
ansible 2.10.3
python version = 3.8.5 (default, Jul 28 2020, 12:59:40) [GCC 9.3.0]

That documentation is completely bogus. That format doesn’t exist.

What is happening is that the entire contents of the file is being used as the password.

A vault password file can only contain exactly 1 password and nothing else.

There is an open issue for this: https://github.com/ansible/ansible/issues/72230

How annoying that it made it in there. Thank you for the info and link.

torsdag 10 december 2020 kl. 23:20:46 UTC+1 skrev Matt Martz: