Matt indicated today that he missed some common logic to allow vault password files to be scripts to ansible-vault CLI commands, which means parts of vault were using slightly different operations.
I can’t say this is related, I don’t know, but this is on my list to investigate to see if we can replicate this today.
If we find something, this would be included in a 1.7.1.
I’ll let you know if I have questions or what happens.
I just tested this on 1.7 and devel branches and was able to use --vault-password-file fine with both encrypted playbooks and vars_files items, so I’m having some trouble reproducing this one.
If you can supply a minimal playbook/file combo (and probably the vault password file) maybe we can see if we can reproduce this, but right now, I can’t make any problems happen.
We do have vault tests that run on Ubuntu, we can look at this hopefully today to see if we can replicate.
We did fix some vault-related items recently on devel, though this was mostly around making --vault-password-file allow scripts, which should not come into play here.