jhaals / ansible-vault

Ansible lookup plugin for secrets stored in Vault (by HashiCorp)
BSD 3-Clause "New" or "Revised" License

Error when ~/.vault-token has a newline #32

Closed xiongchiamiov closed 7 years ago

xiongchiamiov commented 7 years ago

vault auth puts a token in ~/.vault-token, with no newline. However, if you change the token manually, it's easy to add a newline at the end (echo does this by default, as do most text editors).

The vault cli handles this gracefully, but ansible-vault sends the entire contents of the file along, including the newline, producing errors like this one:

fatal: [localhost]: FAILED! => {
    "failed": true, 
    "msg": "An unhandled exception occurred while running the lookup plugin 'vault'. Error was a <class 'ansible.errors.AnsibleError'>, original message: Unable to read secret/hello from vault: Invalid header value '<my token here>\\n'"
}

It would be great if ansible-vault just did a strip() on the data it reads in.
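
One way to implement the `strip()` suggested above, written as an added example and not taken from ansible-vault's code. The helper names `read_vault_token` and `vault_headers` and the sample token values are constructed for illustration; `X-Vault-Token` is the header Vault reads the token from. Besides stripping, it rejects a token that still contains control characters, so a malformed file fails locally with a clear message instead of as an invalid header value.

```python
import os
import re
import tempfile

# CR, LF and other control characters are never valid inside an HTTP header value.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")

# Constructed token file contents (not real tokens).
SAMPLES = {
    "clean": "s.CONSTRUCTED-TOKEN",
    "newline": "s.CONSTRUCTED-TOKEN\n",      # what `echo` or an editor writes
    "crlf": "  s.CONSTRUCTED-TOKEN\r\n",     # Windows line ending, stray spaces
    "two_lines": "s.CONSTRUCTED\nTOKEN\n",   # newline inside the value
    "empty": "\n",
}

def read_vault_token(path):
    """Read a token file, dropping surrounding whitespace (hypothetical helper)."""
    with open(path, "r", encoding="utf-8") as fh:
        token = fh.read().strip()
    if not token:
        raise ValueError("token file is empty")
    if CONTROL_CHARS.search(token):
        # strip() only trims the ends; anything left inside is a corrupt file.
        raise ValueError("token contains control characters")
    return token

def vault_headers(token):
    """Build request headers, re-checking the token at the point of use."""
    if not token or CONTROL_CHARS.search(token):
        raise ValueError("refusing to send malformed token")
    return {"X-Vault-Token": token}

def demo():
    """Write each sample to a temp file and record how it is handled."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, content in SAMPLES.items():
            path = os.path.join(tmp, name)
            with open(path, "w", encoding="utf-8", newline="") as fh:
                fh.write(content)
            try:
                headers = vault_headers(read_vault_token(path))
                results[name] = headers["X-Vault-Token"]
            except ValueError as exc:
                results[name] = "rejected: %s" % exc
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print("%-10s %r" % (name, outcome))
```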