Ansible troubleshooting - Attempting to decrypt but no vault secrets found
How to solve the error attempting to decrypt but no vault secrets found when using an Ansible Vault to store sensitive password content.
Today we’re going to talk about Ansible troubleshooting, specifically about the attempt to decrypt but no vault secrets found error. I’m Luca Berton and welcome to today’s episode of Ansible Pilot
Link
The Best Resources For Ansible
Certifications
The Linux Foundation Linux Performance Tuning - Build a broad toolkit to optimize Linux performance from the kernel up
Coursera Pro - Unlimited access to 7,000+ world-class courses, hands-on projects, and job-ready certificate programs—all included in your subscription
Video Course
Printed Book
Ansible For VMware by Examples
Ansible for Kubernetes by Example
Hands-on Ansible Automation
Red Hat Ansible Automation Platform
eBooks
Ansible by Examples: 200+ Automation Examples For Linux and Windows System Administrator and DevOps
Ansible Cookbook: A Comprehensive Guide to Unleashing the Power of Ansible via Best Practices, Troubleshooting, and Linting Rules with Luca Berton
Terraform By Example: A Practical Approach for Beginners to Learn Cloud Infrastructure with Terraform
Ansible For Windows By Examples: 50+ Automation Examples For Windows System Administrator And DevOps
Ansible For Linux by Examples: 100+ Automation Examples For Linux System Administrator and DevOps
Ansible Linux Filesystem By Examples: 40+ Automation Examples on Linux File and Directory Operation for Modern IT Infrastructure
Ansible For Security by Examples: 100+ Automation Examples to Automate Security and Verify Compliance for IT Modern Infrastructure
Ansible Tips and Tricks: 10+ Ansible Examples to Save Time and Automate More Tasks
Ansible Linux Users & Groups By Examples: 20+ Automation Examples on Linux Users and Groups Operation for Modern IT Infrastructure
Ansible For PostgreSQL by Examples: 10+ Examples To Automate Your PostgreSQL database
Ansible For Amazon Web Services AWS By Examples: 10+ Examples To Automate Your AWS Modern Infrastructure
Ansible Automation Platform By Example: A step-by-step guide for the most common user scenarios
demo
Live demo of Ansible Vault in Playbook problem and fix the error:
Attempting to decrypt but no vault secrets found.
The best way of talking about Ansible troubleshooting is to jump in a live demo to show you practically the connection failed error and how to solve it!
Every time we would like to use Ansible Vault to store our sensitive information (passwords, access keys, configuration, etc/) encrypted, we need to specify a password for the decryption of the file. The screen error simply reminds us that the password is incorrect or not specified. The solution is relatively easy once you understand the underlying Ansible Vault concept.
code
- playbook_with_vault.yml
---
- name: Playbook with Vault
hosts: all
tasks:
- name: include vault
ansible.builtin.include_vars:
file: mypassword.yml
- name: print variable
ansible.builtin.debug:
var: mypassword
- mypassword.yml
$ANSIBLE_VAULT;1.1;AES256
64306633373430303333623136363833633539376531666131646564633830383330353264633566
3431393662373037663037623533386463306531313435360a643062643065363638353561613738
32343439356138656363333930336636646566376533356131323830663161393533383566316138
3232356363663335610a343233626230373138626263313335623037333963336662323630363562
66396432653737333031643762353130623962323934663566336637653161386563393638333566
6434326465393363363939336433316566353265626364336265
error execution
$ ansible-playbook -i inventory playbook_with_vault.yml
PLAY [Playbook with Vault] **************************************************************
TASK [Gathering Facts] ******************************************************************
ok: [localhost]
TASK [include vault] ********************************************************************
fatal: [localhost]: FAILED! => {"ansible_facts": {}, "ansible_included_var_files": [], "changed": false, "message": "Attempting to decrypt but no vault secrets found"}
PLAY RECAP ******************************************************************************
localhost : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
fix execution
We need to specify the --ask-vault-password or --vault-password-file option of the ansible-playbook tool when using Ansible Vault file.
$ ansible-playbook -i inventory --ask-vault-password playbook_with_vault.yml
Vault password:
PLAY [Playbook with Vault] **************************************************************
TASK [Gathering Facts] ******************************************************************
ok: [localhost]
TASK [include vault] ********************************************************************
ok: [localhost]
TASK [print variable] *******************************************************************
ok: [localhost] => {
"mypassword": "mysupersecretpassword"
}
PLAY RECAP ******************************************************************************
localhost : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Recap
Now you know better how to troubleshoot the Ansible error: attempting to decrypt but no vault secrets found.
Subscribe to the YouTube channel, Medium, and Website, X (formerly Twitter) to not miss the next episode of the Ansible Pilot.Academy
Learn the Ansible automation technology with some real-life examples in my
My book Ansible By Examples: 200+ Automation Examples For Linux and Windows System Administrator and DevOps
Donate
Want to keep this project going? Please donate
