1

I have a Jenkinsfile trying to launch an Ansible playbook which references some parameters stored in an Ansible vault encrypted file.

Ansible is installed in version 2.4.0.0.

Here is a snippet of my Jenkinsfile:

withCredentials([[$class: 'StringBinding', credentialsId: 'vault_token', variable: 'VAULT_TOKEN']]) {
    ansiblePlaybook(
        playbook: "./ansible/playbooks/deploy.yml",
        inventory: "./ansible/hosts/hosts",
        credentialsId: "$VAULT_TOKEN"
    )
}

And there is the playbook:

---
- hosts: managers
  become: true
  tasks:
  - include_vars: ../vaults/passwords.yml
  - name: Log into Docker repository
    docker_login:
      registry: my.registry.org
      username: "{{ reg_user }}"
      password: "{{ reg_password }}" 

This playbook includes the vault file containing the encrypted values. When Jenkins executes the Jenkinsfile, I get the following error: Attempting to decrypt but no vault secrets found

Why is Ansible not using the credentialsId I've passed to it in the Jenkinsfile, and what is the right way to pass this credential?

Lucas.de

2 Answers

3
  1. Please use 'vaultCredentialsId' instead of 'credentialsId' for the vault token.
  2. Remove the 'withCredentials' part and write vaultCredentialsId: 'vault_token' directly. Ansible Plugin link
Himanshu Singla
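
The change described in the answer above, written out as an added example that is not part of the original answer. It assumes a declarative pipeline with the Jenkins Ansible plugin installed, a hypothetical SSH credential ID `deploy_ssh_key`, and that `vault_token` is stored in Jenkins as a Secret text or Secret file credential.

```groovy
// Added example, not the poster's code.
pipeline {
    agent any
    stages {
        stage('Deploy') {
            steps {
                // No withCredentials wrapper: the plugin resolves the vault
                // credential by ID, so the vault password never appears in
                // a Groovy variable or in an interpolated string.
                ansiblePlaybook(
                    playbook: 'ansible/playbooks/deploy.yml',
                    inventory: 'ansible/hosts/hosts',

                    // credentialsId selects the credential used for the SSH
                    // connection to the managed hosts. It takes a credential
                    // ID, not a secret value, which is why
                    //   credentialsId: "$VAULT_TOKEN"
                    // from the question did not supply a vault password.
                    // 'deploy_ssh_key' is a hypothetical ID; omit the line
                    // if the agent already has SSH access.
                    credentialsId: 'deploy_ssh_key',

                    // vaultCredentialsId selects the credential that holds
                    // the Ansible Vault password (Secret text or Secret file).
                    vaultCredentialsId: 'vault_token',

                    colorized: true
                )
            }
        }
    }
}
```

With this in place, `include_vars: ../vaults/passwords.yml` in the playbook can decrypt the vault file without any further change to the playbook.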
0

Try the following:

withCredentials([file(credentialsId: 'vault_token', variable: 'VAULT_TOKEN')]) {
    ansiblePlaybook colorized: true, credentialsId: '', forks: 10, inventory: 'ansible/hosts/hosts', limit: '', playbook: 'ansible/playbooks/deploy.yml', sudoUser: null, extras: "--vault-password-file ${VAULT_TOKEN}"
}

You need to add the

extras: "--vault-password-file ${VAULT_TOKEN}"

and leave credentialsId blank.

ryan1506