Why does ansible throws error while encrypting the string?

Issue

When I run commands on my ansible 2.9 version on red hat 7 distro –

$ ansible-vault encrypt_string '[email protected]!hFymu4b91!x[W!u[EL' 
New Vault password:  [ERROR]: User interrupted execution

$ ansible-vault encrypt_string '-w2kBT>ur=X{U`!43o&m'
usage: ansible-vault [-h] [--version] [-v]
                     {create,decrypt,edit,view,encrypt,encrypt_string,rekey}
                     ...
ansible-vault: error: unrecognized arguments: -w2kBT>ur=X{U`!43o&m

The first command succeeds while second one fails. Is it related to special characters. My program automatically generates passwords, so just one time escape won’t help!

NB: The BaSh shell also would throw some errors, if you try to pass that string with a tilde using double quotes. But for single quotes, it won’t complain.

Solution

The second command fails because the argument to encrypt_string looks like a command line option (because it starts with hyphen -). As with many command line tools, you can tell ansible-vault to stop looking for option arguments using the -- marker, like this:

ansible-vault encrypt_string -- '-w2kBT>ur=X{U`!43o&m'

The entire process looks like this:

$ ansible-vault encrypt_string -- '-w2kBT>ur=X{U`!43o&m'
New Vault password:
Confirm New Vault password:
!vault |
          $ANSIBLE_VAULT;1.1;AES256
          38376339313764343364653131333536613738373863643230633761346331663837643664623237
          6138386635363661663562386430323061323831326534660a613837383263626336656332373464
          32306333303262653733626233383532373133663335343865373834653764313032333133663432
          6538306566373566610a353936663134326335373934643638333836643262363563333865366165
          63653736653733356261616431646538623736323139656531643137643234363237
Encryption successful

Answered By – larsks

This Answer collected from stackoverflow, is licensed under cc by-sa 2.5 , cc by-sa 3.0 and cc by-sa 4.0

Leave a Reply

(*) Required, Your email will not be published