Ansible Error: Decryption Failed: Stuck? You can rely on us.
Errors that stop an Ansible playbook from running are frustrating.
We help our clients with several Ansible queries as part of our server management services.
Today, let's look at how to fix this error.
Ansible Error: Decryption Failed
Recently, one of our clients discovered the following error:
fatal: [server1.lab.com]: FAILED! => {"msg": "Decryption failed (no vault secrets were found that could decrypt) on /home/skynats/ansible/encrypted_data.txt"}
fatal: [server1.lab.com]: FAILED! => {"msg": "A vault password or secret must be specified to decrypt /home/skynats/ansible/skynats/encrypted_data.txt"}
We can encrypt files with Ansible Vault instead of displaying them in playbooks as plaintext.
We typically use it for sensitive data like passwords, SSL private keys, and so forth.
By default, Ansible Vault uses the AES256 algorithm to encrypt data.
File before encryption:
$ cat encrypted_data.txt
This is an encrypted data
Utilizing Ansible Vault for encryption
$ ansible-vault encrypt encrypted_data.txt
New Vault password:
Confirm New Vault password:
Encryption successful
After encryption:
$ cat encrypted_data.txt
$ANSIBLE_VAULT;1.1;AES256
30613332366266623564636132643536646265316132636439326535613939333061376337666433
3831313731303866643765313962323065346565613937650a396162373436306363383934643464
32393037346666303036306365396139383832383632373235323432666638366335623163363539
3530363234656536620a356138366536643164353462613138333664363134303533326566636232
32623530373362396231613230653939393865323639633966616530346261653863
The encrypted file can now be used safely in a playbook run with ansible-playbook.
When we execute the ansible-playbook that contains a file encrypted with ansible vault, we must also provide a decryption password.
Cause of the error and solution
Let’s examine the root of the issue and how our tech support team resolves it now.
Usually, this error occurs as a result of an incorrect decryption password that we give to Ansible.
Take the playbook for the encrypted_data.txt file as an example. We encrypted the file with Ansible Vault, and the playbook copies it to the target machine, decrypting it in the process.
vault.yml:
- hosts: server1.lab.com
  tasks:
    - name: Copying Encrypted file to target machine and decrypting
      copy:
        src: encrypted_data.txt
        dest: /home/decrypted_data.txt
If we attempt to run the playbook in this manner:
ansible-playbook vault.yml
This will result in the error.
As a result, we must give the playbook the decryption password, either at a terminal prompt or from a vault password file.
ansible-playbook vault.yml --ask-vault-pass ## To prompt for vault password
ansible-playbook vault.yml --vault-password-file /home/skynats/private/vault_pass.txt ## To automatically read the vault password
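Either option gives us a practical way to pass the vault password. Once we give the Ansible controller the right password, the error goes away. Because the password file holds the vault password in plaintext, keep it readable only by the user that runs Ansible and out of version control.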
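As an added example (not part of the original article), the sketch below shows why a wrong password produces "Decryption failed": the vault file stores an HMAC of the ciphertext, and a key derived from the wrong password fails that check before any decryption happens. It assumes the vault 1.1 AES256 envelope layout and PBKDF2-HMAC-SHA256 with 10000 iterations, which the article does not state; the function names and the sample envelope are constructed for illustration.

```python
import hashlib
import hmac
from binascii import hexlify, unhexlify

# Assumed vault 1.1 AES256 parameters (not stated in the article):
# PBKDF2-HMAC-SHA256, 10000 rounds, output = cipher key | HMAC key | IV.
KDF_ITERATIONS = 10000
KEY_LEN, IV_LEN = 32, 16


def _hmac_key(password: str, salt: bytes) -> bytes:
    """Derive the key material and return only the HMAC key slice."""
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                  KDF_ITERATIONS, dklen=2 * KEY_LEN + IV_LEN)
    return derived[KEY_LEN:2 * KEY_LEN]


def parse_vault(text: str):
    """Return (salt, stored_hmac, ciphertext) from a vault file's text."""
    lines = text.strip().splitlines() or [""]
    fields = lines[0].strip().split(";")
    if fields[0] != "$ANSIBLE_VAULT" or len(fields) < 3 or fields[2] != "AES256":
        raise ValueError("not an AES256 Ansible Vault envelope")
    body = unhexlify("".join(line.strip() for line in lines[1:]))
    salt, mac, ciphertext = (unhexlify(p) for p in body.split(b"\n", 2))
    return salt, mac, ciphertext


def password_matches(text: str, password: str) -> bool:
    """True if the password authenticates the payload (HMAC check only)."""
    salt, mac, ciphertext = parse_vault(text)
    calc = hmac.new(_hmac_key(password, salt), ciphertext, hashlib.sha256).digest()
    return hmac.compare_digest(calc, mac)


def build_sample(password: str) -> str:
    """Constructed envelope for the demo; the 'ciphertext' is filler bytes."""
    salt, ciphertext = bytes(range(32)), bytes(range(100, 132))
    mac = hmac.new(_hmac_key(password, salt), ciphertext, hashlib.sha256).digest()
    inner = b"\n".join(hexlify(x) for x in (salt, mac, ciphertext))
    payload = hexlify(inner).decode()
    rows = [payload[i:i + 80] for i in range(0, len(payload), 80)]
    return "\n".join(["$ANSIBLE_VAULT;1.1;AES256"] + rows) + "\n"


if __name__ == "__main__":
    sample = build_sample("constructed-password")
    for candidate in ("constructed-password", "wrong-password"):
        print(candidate, "->", password_matches(sample, candidate))
```

Run against a real vault file and the contents of the password file, the same check tells you before a playbook run whether that password file belongs to that vault.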
Conclusion
In conclusion, this error can be caused by using the wrong decryption password. Today, we saw the error being fixed for our clients by our Tech Support team.