Closed wbh1 closed 4 years ago
Maybe you are defining your encrypted values in a bad way? Even this example works without any issue without providing the vault secret:
- hosts: all
vars:
foobar: !vault |
$ANSIBLE_VAULT;1.1;AES256
61326565656435373038396462323238313637396666343834316634393739326438613734656238
3762306638643539636666656362373663326663363635320a363531306664353162343338396566
31303035306130666333613337613538376563613036393436393631663466653363646539323332
3437656166316164370a326462373861626234663237396333303663636338633739346637623061
3936
roles: []
Yes - that works fine. The issue arises when the entirety of a file is vault encrypted rather than just individually encrypting strings (i.e. file-level encryption rather than variable-level encryption).
I too am having this issue.
When constructing the Ansible command(s) to run, this plugin returns prematurely if a syntax check is being run which leads to the vault password not being specified. This causes the syntax check to fail if one or more vars files is Ansible Vault-encrypted.
Line of code in question: https://github.com/drone-plugins/drone-ansible/blob/master/plugin.go#L252
I'll submit a PR to remedy, but still wanted to create an issue for tracking.
Our error:
Relevant portion of our
.drone.yml
: