Couldn't find anything about this. I need to pass a vaulted variable file as extra vars, i.e.:
ansible-pull -U <URL> -f -C master -d <ROLE_PATH> -i hosts --clean --vault-id <VAULT-ID/PW-FILE> -e @<VAULTED-VAR-FILE>
Seems like it cannot find the vaulted file.
ansible 2.9.10
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /bin/ansible
python version = 2.7.5 (default, Apr 2 2020, 13:16:51) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]
Using /etc/ansible/ansible.cfg as config file
Parsed localhost, inventory source with host_list plugin
ERROR! Attempting to decrypt but no vault secrets found
Note: If I decrypt the vaulted file, it will run.
Did anyone run into the same problem or know a solution?
Thanks and best regards
A: The error is clear. Provide ansible-pull with the vault secret.
But this would require making the vault secret available in plain text on the remote host running ansible-pull. This is a pretty weak solution from a security standpoint. Use it in a secure environment only. Otherwise, I'd recommend using the push model to manage secrets.
Alternative solution
If you really need to manage secrets on the remote hosts with ansible-pull, you might want to store the secrets in passwordstore and use the Ansible lookup plugin passwordstore to retrieve them.
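A sketch of the passwordstore alternative as a pulled playbook (an added example, not part of the answer above or of any project's code). The entry name `example/app/db_password`, its `user:` line, and the path `/etc/example-app/db.conf` are hypothetical; the lookup is named `passwordstore` in Ansible 2.9 and `community.general.passwordstore` in later releases.

```yaml
# local.yml - the playbook ansible-pull runs by default from the checkout.
# Added example; entry names and file paths are hypothetical.
#
# Invocation no longer needs --vault-id or -e @<VAULTED-VAR-FILE>:
#   ansible-pull -U <URL> -C master -d <ROLE_PATH> -i hosts --clean
- hosts: localhost
  connection: local
  gather_facts: false
  vars:
    # Lookups run on the machine executing the playbook. With ansible-pull
    # that is the managed host itself, so `pass` and a GPG key able to
    # decrypt the store must be present on that host.
    db_password: "{{ lookup('passwordstore', 'example/app/db_password') }}"
    # subkey= reads a "user: ..." line from the same multi-line entry.
    db_user: "{{ lookup('passwordstore', 'example/app/db_password subkey=user') }}"
  tasks:
    - name: Render application credentials without echoing them
      copy:
        dest: /etc/example-app/db.conf
        content: |
          user={{ db_user }}
          password={{ db_password }}
        owner: root
        group: root
        mode: "0600"
      # Keep the rendered secret out of task output and logs.
      no_log: true
```

The secret is decrypted only at lookup time, but the host's GPG key now guards it, so that key's storage and passphrase handling carry the same weight the vault password file did.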