vscode-ansible-vault icon indicating copy to clipboard operation
vscode-ansible-vault copied to clipboard
verified publisher icon dhoeric

Encryption fails if ansible fault file is specified in ansible.cfg

Open bcharboneauiherb opened this issue 6 years ago • 4 comments

Please see issue reported on Ansible's Repo: https://github.com/ansible/ansible/issues/46310

if vault file path is defined in ansible.cfg --vault-password-file should not be specified on the commandline otherwise encrypt will stop functioning from the extension.

Can the extension be made to only include --vault-password-file="" if the field in the extension settings is populated?

bcharboneauiherb avatar Jan 14 '19 16:01 bcharboneauiherb

I see in #9 the function was added to prefer the settings in ansible.cfg. We use AWX and have a different path in the ansible.cfg from local. Could a setting be added to prefer workspace over the file? To me the developer should be able to create local overrides without changing the global function.

michaelpporter avatar Mar 08 '19 11:03 michaelpporter

Seems to be a limitation of ansible-vault not this plugin

https://docs.ansible.com/ansible/latest/user_guide/vault.html

michaelpporter avatar Mar 08 '19 12:03 michaelpporter

Example of how you can not override ansible.cfg setting:

vault_password_file=/etc/awx/vault-pass

ansible-vault decrypt "vars.yml" --vault-password-file="vault-pass"
ERROR! The vault password file /private/etc/awx/vault-pass was not found

michaelpporter avatar Mar 08 '19 13:03 michaelpporter

I had a similar problem and solve with PR #32.

My ansible.cfg is in /etc/ansible/ansible.cfg and has vault_password_file.

danielcrisap avatar Jan 17 '20 13:01 danielcrisap