Ansible - Resolve "Attempting to decrypt but no vault secrets found"

Let's say you have a playbook that uses the file module to create /tmp/foo.txt on your managed nodes.

- hosts: all
  - file:
      path: /tmp/foo.txt
      state: touch


You attempt to run this playbook.

ansible-playbook foo.yml


And ERROR! Attempting to decrypt but no vault secrets found is returned.

PLAY [all]
ERROR! Attempting to decrypt but no vault secrets found


This error can occur when you have a file in the group_vars directory that has been encrypted by the ansible-vault create or ansible-vault edit or ansible-vault encrypt command. For example, let's say the /usr/local/ansible/group_vars/all/foo.txt file has been encrypted.



In this scenario, it usually a good idea to first ensure the file was encrypted. If so, something like this should be returned.

~]$ cat foo.txt


Then see if you can decrypt the file using the ansible-vault view command.

ansible-vault view foo.txt


You will be prompted to for the vault password.

Vault password:


After providing the valid vault password, the content of the encrypted file will be displayed.

Hello World


If you are able to decrypt the file, one option would be to use the --ask-vault-pass command line flag so that you are prompted for the vault password.

~]# ansible-playbook foo.yml --ask-vault-pass
Vault password:


Or, you could create a hidden file that contains the password, such as .vault_password.txt, and then use the --vault-password-file or --vault-id option on the command line.

ansible-playbook foo.yml --vault-password-file group_vars/all/.vault_password.txt


Add a Comment

We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.

Please enter 2f05d in the box below so that we can be sure you are a human.


Web design by yours truely - me, myself, and I   |   |