I'm having trouble with inline encrypted strings in Ansible/Ansible-vault.
I'm storing the Ansible Vault password in a file and have a local config file that declares it:

    [defaults]
    vault_password_file = ./my_vault_pass

As I already have a vault_password_file defined, I create my encrypted variable with the following command:

    ansible-vault encrypt_string --stdin-name 'username'

When prompted, I enter the value I want encrypted and CTRL-D twice without pressing enter. I then take the output of that command and replace the variable definition with it.
My tasks/main.yml file ends up like this [redacted]:

    ---
    - name: Clone the template
      vmware_guest:
        hostname: 1.2.3.4
        username: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          63353665383934386565306639633734366666303465306364323761323938383433643133313933
          3939356663626465303465646265653731626463386261610a306361343436613030336639303533
          64613337326332353933313931303537653833623863343435623730316266643636373831363937
          6231643937376665620a326465343239643237366465353965376532336365346631653466623038
          35636135303233623733306632333833663535646230393335303261633535353636
        password: 'my_password'
        validate_certs: False
        name: testvm_2
        template: 'template-name'
        datacenter: DC1
        folder: /Test
        state: poweredon
        wait_for_ip_address: yes

However, with the username: change being the only change, I now get an error:

    PLAY [localhost] *************************************************************************************************************
    TASK [Gathering Facts] *******************************************************************************************************
    ok: [localhost]
    TASK [common : Clone the template] *******************************************************************************************
    fatal: [localhost]: FAILED! => {"msg": "Unable to pass options to module, they must be JSON serializable: Object of type AnsibleVaultEncryptedUnicode is not JSON serializable"}
    PLAY RECAP *******************************************************************************************************************
    localhost : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
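
An added example, not part of the original post: the same task with the `encrypt_string` output kept as a variable definition and referenced through a template, so the value is decrypted when it is rendered rather than handed to the module as a vault object. It assumes the failure comes from placing the `!vault` value directly in the module arguments; the variable name `vcenter_username` is hypothetical.

```yaml
---
- name: Clone the template
  vars:
    # Output of `ansible-vault encrypt_string`, stored as a variable
    # (hypothetical name) instead of as a module argument.
    vcenter_username: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      63353665383934386565306639633734366666303465306364323761323938383433643133313933
      3939356663626465303465646265653731626463386261610a306361343436613030336639303533
      64613337326332353933313931303537653833623863343435623730316266643636373831363937
      6231643937376665620a326465343239643237366465353965376532336365346631653466623038
      35636135303233623733306632333833663535646230393335303261633535353636
  vmware_guest:
    hostname: 1.2.3.4
    # Templating the variable yields a plain string, which is JSON serializable.
    username: "{{ vcenter_username }}"
    password: 'my_password'
    validate_certs: False
    name: testvm_2
    template: 'template-name'
    datacenter: DC1
    folder: /Test
    state: poweredon
    wait_for_ip_address: yes
```

In a role, the same variable definition can live in the role's `vars/main.yml` or `defaults/main.yml` instead of on the task.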