
Decryption failed (no vault secrets would found that could decrypt)


UPDATED:

I have organized my configs into a role based directory structure. Some of those roles have default variable files that have encrypted text. Here's a simplified and tested task list that fails:

---
- name: 'Include some additional variables'
  include_vars:
    dir: "{{playbook_dir}}/roles/foo/defaults/vars"
  tags: 'debug'

- name: 'Debug: display the variables'
  debug:
    msg: "{{item}}"
  with_items:
    - "{{encrypted_text_from_yml_file}}"
  tags: 'debug'

- name: 'Deploy Foo plugins'
  block:
    - name: 'Transfer the folder to the application directory'
      synchronize:
        src: 'some_src_folder'
        dest: "{{some_unencrypted_text_from_another_yml_file}}"
        archive: false
        recursive: true
  tags: 'debug'

I'm seeing the following error, however, when executing my playbook:

TASK [<some_app> : Transfer the <some_folder> folder to the application directory] **********************************************************************************
fatal: [<some_hostname>]: FAILED! => {"failed": true, "msg": "Decryption failed (no vault secrets would found that could decrypt)"}

My credentials are being retrieved from a password file.

I tossed a debug task right after the variable include and all my variables that were encrypted displayed. The weird thing is the block of tasks where the exception is occurring is using a synchronize module. No variables from the vault are even being used...

Any idea how to troubleshoot this? I increased the verbosity up to -vvvv and didn't see anything obvious.

Using: ansible 2.4.0.0


Solution

  • I figured out the issue. I accidentally truncated an encrypted string in group_vars/all. Using -vvvvv (note the 5th v) actually helped reveal an HMAC issue.
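The truncation described in the solution can be caught before a playbook run by checking each vault blob's structure and HMAC directly. The following is an added example, not code from the original post or from Ansible itself. It assumes the vault 1.1 AES256 envelope (hex of salt, HMAC and ciphertext joined by newlines, keys derived with PBKDF2-HMAC-SHA256); the function names are hypothetical and the sample blob and password are constructed.

```python
import binascii
import hashlib
import hmac
import os

HEADER = "$ANSIBLE_VAULT;1.1;AES256"


def _hmac_key(password: bytes, salt: bytes) -> bytes:
    # Assumed vault 1.1 KDF: PBKDF2-HMAC-SHA256, 10000 rounds, 80 bytes out,
    # laid out as AES key (32) | HMAC key (32) | IV (16). Only the HMAC key is used.
    return hashlib.pbkdf2_hmac("sha256", password, salt, 10000, dklen=80)[32:64]


def make_sample(password: bytes) -> str:
    """Constructed envelope: the 'ciphertext' is random filler, not real AES output."""
    salt, ciphertext = os.urandom(32), os.urandom(48)
    tag = hmac.new(_hmac_key(password, salt), ciphertext, hashlib.sha256).hexdigest()
    inner = b"\n".join([binascii.hexlify(salt), tag.encode(), binascii.hexlify(ciphertext)])
    body = binascii.hexlify(inner).decode()
    return "\n".join([HEADER] + [body[i:i + 80] for i in range(0, len(body), 80)])


def check_vault_blob(text: str, password: bytes) -> str:
    """Return 'ok', or the reason the blob cannot be authenticated."""
    lines = [line.strip() for line in text.strip().splitlines()]
    fields = lines[0].split(";") if lines else []
    if len(fields) < 3 or fields[0] != "$ANSIBLE_VAULT" or fields[2] != "AES256":
        return "bad header"
    try:
        inner = binascii.unhexlify("".join(lines[1:]))
        salt_hex, tag_hex, ct_hex = inner.split(b"\n")
        salt, ciphertext = binascii.unhexlify(salt_hex), binascii.unhexlify(ct_hex)
    except ValueError:  # odd-length hex, non-hex characters, or a missing field
        return "malformed payload"
    if not ciphertext or len(ciphertext) % 16:
        return "ciphertext not a whole number of AES blocks"
    expected = hmac.new(_hmac_key(password, salt), ciphertext, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), tag_hex.lower()):
        return "HMAC mismatch"
    return "ok"


if __name__ == "__main__":
    good = make_sample(b"constructed-password")
    print(check_vault_blob(good, b"constructed-password"))
    print(check_vault_blob(good[:-4], b"constructed-password"))
```

For an inline `!vault |` value, pass the text of the block scalar; leading indentation is stripped per line before parsing.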