Ansible - Resolve "ansible.parsing.yaml.objects.AnsibleVaultEncryptedUnicode object has no attribute split"

Let's say you use the ansible-vault create command to create a file named locker.yml that contains the following.

test_password itsasecret
prod_password hGn4!kD98A


And then you have a playbook that decrypts locker.yml, like this.

- hosts: localhost
    passwords: !vault |
    - name: display the content of the 'passwords' variable
        var: passwords


Something like this should be returned.

TASK [display the content of the 'passwords' variable]
ok: [localhost] => {
    "vault": "test_password itsasecret\nprod_password hGn4!kD98A"


However, if you try to split the content of the "passwords" variable.

- name: display the content of the 'passwords' variable
    msg: "{{ passwords.split() }}"


The following fatal error should be returned.

TASK [display the content of the 'passwords' variable]
fatal: [localhost]: FAILED! => {"msg": "
The task includes an option with an undefined variable.
The error was: 'ansible.parsing.yaml.objects.AnsibleVaultEncryptedUnicode object' has no attribute 'split'\n\n
The error appears to be in '/usr/local/ansible/testing.yml': line 17, column 7, but may be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
- name: display the contents of the 'passwords' variable
        ^ here


This occurs because the object type of the "passwords" variable is AnsibleVaultEncryptedUnicode, which can be seen in the error message, or with the type_debug filter, and the split filter cannot be used on object type AnsibleVaultEncryptedUnicode. To resolve this, the set_fact module and string filter can be used to convert the "passwords" variable from AnsibleVaultEncryptedUnicode to AnsibleUnsafeText.

- name: convert the 'passwords' variable from AnsibleVaultEncryptedUnicode to AnsibleUnsafeText
    passwords: "{{ passwords | string }}"


Now the "passwords" variable can be split.

- name: display the content of the 'passwords' variable
    msg: "{{ passwords.split() }}"


Now the following should be returned.

TASK [display vault.yml]
ok: [localhost] => {
    "msg": [
        "test_password itsasecret",
        "prod_password hGn4!kD98A"


And here is how you would create variables containing the test password and prod password.

- set_fact:
    dev_password: "{{ passwords.split('\n')[0].split(' ')[1] }}"

- set_fact:
    prod_password: "{{ passwords.split('\n')[1].split(' ')[1] }}"


Add a Comment

We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.

Please enter 32beb in the box below so that we can be sure you are a human.


Web design by yours truely - me, myself, and I   |   |