Inline encrypted variable not JSON serializable

Question

I\'m trying to understand how to encrypt single variables with vault. First I encrypt the string with ansible-vault encrypt_string -n -p, then I write the outpu

Answer 1

i have implemented same for sending email using mail module and it's working as expected.

ansible-vault encrypt_string yourgmailapppassword --name gmail_password

use above method to encrypt gmail app password using ansible vault string option and define encrypted variable into the playbook.

cat fetch-users-deatils.yml

    - name: Linux servers user audit report preparation
      hosts: "{{ HOSTS }}"
      roles:
        - user-collections
    
    - name: Refreshing user Dashboard & sending email from localhost
      hosts: localhost
      become: false
      vars:
       - gmail_password: !vault |
              $ANSIBLE_VAULT;1.1;AES256
              62613232383962323430633831113465356231563163366235353034393230656331663436646233
              3266353862303738303737383530313664356135336661390a336562613436626665333833323030
              61393135643433313930643337363465343332353716333831222766376137396430426361663633
              6233313433633231320a663435636230636431643731333166366435346564316331323361633566
              38622138392437888466666535323432653034323936353961646233613437343831
      tasks:
        - name: Collecting the user details information and recreating the users dashboard
          script: dashboard_user.sh
          tags: user_dashboard
    
    
        - name: User Audit data output file stored on below location
          debug:
            msg:
             /tmp/user_collection/user_details.csv
    
        - name: 'Sending Ansible users report email'
          mail:
            host: smtp.gmail.com
            subtype: html
            port: 587
            password: "{{ gmail_password }}"
            to: abcdefghijkl@gmail.com
            from: abcdefghijkl@gmail.com
            username: abcdefghijkl@gmail.com
            subject: User details report
            attach: /tmp/user_collection/user_details.csv
            body: <pre> {{ lookup('file', '/tmp/user_collection/user_details.csv') }} </pre>
          delegate_to: localhost

below is ansible playbook execution command

ansible-playbook fetch-users-deatils.yml -e "HOSTS=all" --ask-vault-pass

Answer 2

Double-quotes could explain this error but not for me. Look at the entire error/warning to see what is attempting to parse json. In my case....

[WARNING]: Failure using method (v2_runner_on_ok) in callback plugin (): u'secret_value' is not JSON serializable

An older AWX callback plugin called json.load and logged a warning along with secrets in plain text. It needed an upgrade.

Answer 3

Add task-level variable:

  - name: Create 
    mysql_db:
      state: present
      name: "{{ mysql_name }}"
      login_host: "{{ mysql_host }}"
      login_user: "{{ mysql_user }}"
      login_password: "{{ mysql_pass }}"
    vars:
      mysql_name: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          39613261386438623937643062636166663638633062323939343734306334346537613233623064
          3761633832326365356231633338396132646532313861350a316666376566616633376238313636
          39343833306462323534623238333639663734626662623731666239366566643636386261643164
          3861363730336331660a316165633232323732633364346636363764623639356562336536636136
          6364