Ansible decrypt vault string from dynamic inventory

I get a string in a json from a dynamic inventory which looks like this:

{
  "VaultUserPassword": "$ANSIBLE_VAULT;1.1;AES256\n66353535383734646563646332613065326534383464353932613333613231393165303466356365\n6237386562643732373135396262663631626366323663350a623739656363623830373265316434\n31343133303964666233356132333162393631386231336365653166643366613836616332636639\n6439366339663437380a356662626664643834313831356538323431663234333731363831623830\n6664\n",
}

No matter what I try, I can't get the string decrypted.

The best success I had so far was with replacing the \n with \r\n:

- name: debug vault
  vars:
    _vault: !vault "$ANSIBLE_VAULT;1.1;AES256\r\n63346231386433323364316335313863653865363763373264346261643864633935353666303462\r\n3464363233386361396537623337353461303838663664360a333664393537616262316139656532\r\n63376465343833346430313335346162396266396439646538383636323161623333383064623363\r\n6534663736383533330a633962353131306666616339623563316164303431306433376361383534\r\n6431"
  debug:
    var: _vault

But as soon as I try to put the string in a variable like:

- name: debug vault in var
  vars:
    _vault_orig: "$ANSIBLE_VAULT;1.1;AES256\r\n63346231386433323364316335313863653865363763373264346261643864633935353666303462\r\n3464363233386361396537623337353461303838663664360a333664393537616262316139656532\r\n63376465343833346430313335346162396266396439646538383636323161623333383064623363\r\n6534663736383533330a633962353131306666616339623563316164303431306433376361383534\r\n6431"
    _vault: !vault _vault_orig
  debug:
    var: _vault

I get:

TASK [aci : debug vault in var] *******************************************************************************************************************************
task path: /home/[email protected]/ansible/roles/aci/tasks/main.yml:19
fatal: [aci01-006-ctdev]: FAILED! => {
    "msg": "input is not vault encrypted data. "
}

So my question is: why does the task with '!vault vaultstring' work, but not the version with the string in a variable, like '!vault _vault_orig' or '!vault "{{ _vault_orig }}"'?

My final goal would be to replace the \n with \r\n in VaultUserPassword and then decrypt it.
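
One way to decrypt a vault string that arrives as an ordinary variable, added here as an example and not part of the original question: `!vault` is a YAML tag applied to the literal scalar that follows it when the file is parsed, so `!vault _vault_orig` hands the text `_vault_orig` itself to the decryptor, whereas the `ansible.builtin.unvault` filter (ansible-core 2.12 and later) works on a variable's value at run time. The passphrase, the secret and the names `vault_passphrase` and `user_password` are constructed for the example, and the first task fabricates a vault string to stand in for the `VaultUserPassword` value from the dynamic inventory.

```yaml
---
# Added example: decrypt a vault string held in a variable with the unvault filter.
- name: Decrypt a vault string supplied as a plain variable
  hosts: localhost
  gather_facts: false
  vars:
    # Constructed passphrase so the play runs offline. In real use, supply it
    # from outside the repository (an extra var or a protected file).
    vault_passphrase: "constructed-passphrase"
  tasks:
    - name: Stand in for the dynamic inventory (constructed vault string)
      ansible.builtin.set_fact:
        VaultUserPassword: "{{ 'constructed-secret' | ansible.builtin.vault(vault_passphrase) }}"

    - name: Check that the value is plain text carrying a vault header
      ansible.builtin.assert:
        that:
          - VaultUserPassword.startswith('$ANSIBLE_VAULT;')
        quiet: true

    - name: Decrypt the variable's value at run time
      ansible.builtin.set_fact:
        user_password: "{{ VaultUserPassword | ansible.builtin.unvault(vault_passphrase) }}"
      no_log: true  # keep the plaintext out of task output and logs

    - name: Confirm the round trip without printing the secret
      ansible.builtin.assert:
        that:
          - user_password == 'constructed-secret'
        quiet: true
```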



Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
