I'm working with Ansible Tower and using a Vault credential.
When I launch it using the graphical interface of Ansible Tower (I add the credential when it's prompted), it works well.
When I try with the tower-cli line, I get this message:
{"failed": true, "msg": "Decryption failed (no vault secrets would found that could decrypt)"
I found that I need to add something like --ask-vault-pass, but it is listed as an unknown argument when I add it to my tower-cli line, so it works only with the ansible-playbook command.
How can I ask for the vault password with tower-cli?
Thanks in advance.
Please take note that there is a difference between Ansible Engine, the command line tools ansible for ad-hoc commands and ansible-playbook for executing playbooks, and Ansible Tower. According to the documentation, Ansible Tower is
"a GUI and REST interface for Ansible that supercharges it by adding RBAC, centralized logging, autoscaling/provisioning callbacks, graphical inventory editing, and more ... tower-cli is a command line tool for Ansible Tower. It allows Tower commands to be easily run from the Unix command line"
As you have already found out
"I need to add something like --ask-vault-pass but it is listed as an unknown argument when I add to my tower-cli ... it works only with ansible-playbook command"
this is the expected behavior.
The solution lies in the way you have described
"When I launch it using the graphical interface of Ansible Tower (I add the credential when it's prompted), it works well"
For further automation you will need to configure your Ansible Tower Credentials store and set up a credential of type Vault. Based on the password stored there, AWX will forward the vault password to Ansible Engine. Ansible Engine will then use that password to unlock the vault and your playbook can run.