I’ve have a dictionary variable setup that has accounts and passwords:
`
password_list:
- { name: “user1”,
password: “user1pwd”
} - { name: “user2”,
password: “user2pwd”
} - { name: “user3”,
password: “user3pwd”
}
`
This variable it works as expected. When I update one of the passwords to a vaulted version like this:
`
password_list:
- { name: “user1”,
password: “user1pwd”
} - { name: “user2”,
password: !vault |
$ANSIBLE_VAULT;1.1;AES256
66366265333266666432626431646631356664663262326535346265353939383239626634636331
6462666364303539336132346430346432333564346663300a623333613666333330626330643735
64613664383733333839313434303433663164363030383663336663656432613965663862656237
3631366664646332610a636230616334306232336263313139623264663338613538643163356239
3732
} - { name: “user3”,
password: “user3pwd”
}
`
…the ansible-playbook complains about it with this message:
`
The offending line appears to be:
- { name: “user2”,
password: !vault |
^ here
exception type: <class ‘yaml.scanner.ScannerError’>
exception: while scanning for the next token
found character that cannot start any token
in “”, line 30, column 28
`
I’ve tried variations such as removing the “|” and putting everything from “!vault” through “3732” on the same line (removing spaces), using a “<” instead of the “|”, etc.
Am I doing it wrong? Is this a bug in the vault string handling that I should report? Or is this a “not yet implemented” variation on vault data that I should put in for a feature request?