When I run commands on my ansible 2.9 version on red hat 7 distro –
$ ansible-vault encrypt_string 'l3@TH!hFymu4b91!x[W!u[EL'
New Vault password: [ERROR]: User interrupted execution
$ ansible-vault encrypt_string '-w2kBT>ur=X{U`!43o&m'
usage: ansible-vault [-h] [--version] [-v]
{create,decrypt,edit,view,encrypt,encrypt_string,rekey}
...
ansible-vault: error: unrecognized arguments: -w2kBT>ur=X{U`!43o&m
The first command succeeds while second one fails. Is it related to special characters. My program automatically generates passwords, so just one time escape won’t help!
NB: The BaSh shell also would throw some errors, if you try to pass that string with a tilde using double quotes. But for single quotes, it won’t complain.
Advertisement
Answer
The second command fails because the argument to encrypt_string looks like a command line option (because it starts with hyphen -). As with many command line tools, you can tell ansible-vault to stop looking for option arguments using the -- marker, like this:
ansible-vault encrypt_string -- '-w2kBT>ur=X{U`!43o&m'
The entire process looks like this:
$ ansible-vault encrypt_string -- '-w2kBT>ur=X{U`!43o&m'
New Vault password:
Confirm New Vault password:
!vault |
$ANSIBLE_VAULT;1.1;AES256
38376339313764343364653131333536613738373863643230633761346331663837643664623237
6138386635363661663562386430323061323831326534660a613837383263626336656332373464
32306333303262653733626233383532373133663335343865373834653764313032333133663432
6538306566373566610a353936663134326335373934643638333836643262363563333865366165
63653736653733356261616431646538623736323139656531643137643234363237
Encryption successful