rundeck-plugins / ansible-plugin

Ansible Integration for Rundeck
MIT License

can't authenticate to ansible vault since 3.2.11 #362

Open Lusitaniae opened 2 months ago

Lusitaniae commented 2 months ago

Rundeck version: 4.17.6-20240402

I have an Ansible Playbook Node Workflow with Vault Pass Storage Path: keys/production/ansible/.vault

That's a key stored in Rundeck's default KV store.

After going through all recent releases of this plugin, it seems like 3.2.11 and 4.0.0 are both unable to open the vault file.

3.2.10 and earlier releases are all working :+1:

```
[WARNING]: Error in vault password file loading (None): Invalid vault password
was provided from script (/tmp/ansible-runner419321991769154953ansible-script-
vault-client.py)
ERROR! Invalid vault password was provided from script (/tmp/ansible-runner419321991769154953ansible-script-vault-client.py)
Failed: AnsibleNonZero: ERROR: Ansible execution returned with non zero code.
```

Debug logs show the invocation looking like this:

```
encryptVariable ansible_become_password: [ansible-vault, encrypt_string, --vault-id, internal-encrypt@/tmp/ansible-runner3534718919055327790ansible-script-vault-client.py]
 procArgs: [ansible-playbook, site.yml, --vault-id, internal-encrypt@/tmp/ansible-runner3534718919055327790ansible-script-vault-client.py, -l, rundeck1, -vvv, --vault-id, /tmp/ansible-runner3534718919055327790ansible-script-vault-client.py, --private-key=/tmp/ansible-runner2368737503622131914id_rsa, --user=rundeck_user, --timeout=30, --become, --extra-vars=@/tmp/ansible-runner4868465325436002323become-extra-vars, -i, inventory, -l, node1, --tags, app]
```

madsi1m commented 4 days ago

I also have this exact issue where 3.2.10 works but anything newer does not.

We use SSH login with passwords. Starting Rundeck manually outside of the service, I noticed that when I trigger an Ansible job, the console is waiting for me to press enter at the Ansible SSH password prompt. It looks like the password is entered and I need to press enter for it to continue.

```
SSH password: <manually press enter>
BECOME password[defaults to SSH password]: <manually press enter>
```

If I don't press enter, I get the same error as @Lusitaniae.