"Attempting to decrypt but no vault secrets found" for group_vars/all variables pointing to vault loaded with vars_files #4471

Open
d1nuc0m opened this issue Jan 12, 2025 · 0 comments

d1nuc0m commented Jan 12, 2025

Summary

I have some variables that should be visible to all groups and be encrypted. Following tips about variable visibility, I placed auxiliary variables like my_variable: "{{ vault_my_variable }}" in group_vars/all and loaded a vault with vars_files in the playbook. It works, but the linter fails with the error "Attempting to decrypt but no vault secrets found".

Issue Type

  • Bug Report

OS / ENVIRONMENT

ansible-lint 24 using ansible-core:2.16.12 ansible-compat:24.9.0 ruamel-yaml:0.18.6 ruamel-yaml-clib:0.2.12

  • ansible installation method: OS package
  • ansible-lint installation method: OS package

STEPS TO REPRODUCE

Minimal reproducible example

group_vars/all

ssh_pubkey: "{{ vault_ssh_pubkey }}"

group_vars/all_vault.yml

vault_ssh_pubkey:  "ssh-rsa lorem-ipsum"

roles/ssh/tasks/main.yaml

- name: Set authorized key
  ansible.posix.authorized_key:
    user: d1nuc0m
    state: present
    key: "{{ ssh_pubkey }}"

playbook.yaml

- name: Host 1
  hosts: host1.example.com
  vars_files:
    - group_vars/all_vault.yml
  roles:
    - ssh
    - (other roles here)
- name: Host 2
  hosts: host2.example.com
  vars_files:
    - group_vars/all_vault.yml
  roles:
    - ssh
    - (other different roles here)

Desired Behavior

If I try to run the playbook with ansible-playbook -i inventory.yaml --vault-id @prompt playbook.yaml, it works, so I would expect the linter not to fail as the variables are defined. If this is not the correct solution for variable management, please let me know.

Actual Behavior

$ ansible-lint playbook.yaml
WARNING  Listing 1 violation(s) that are fatal
internal-error: Unexpected error code 1 from execution of: ansible-playbook -i localhost, --syntax-check playbook.yaml
playbook.yaml:1 ERROR! Attempting to decrypt but no vault secrets found


Read documentation for instructions on how to ignore specific rule violations.

              Rule Violation Summary               
 count tag            profile rule associated tags 
     1 internal-error min     core        

d1nuc0m added bug new Triage required labels Jan 12, 2025
shatakshiiii removed the new Triage required label Jan 22, 2025