When running tests with molecule:
molecule tests
and some files are protected with ansible vault, the --vault-password-file must be specified to provide the password to decrypt their content.
Although it is possible to do that with converge
 molecule converge -- --vault-password-file ~/.vault.txt
it fails with molecule tests
 $ molecule test -- --vault-password-file ~/.vault.txt
 Usage: molecule test [OPTIONS]
 Error: Got unexpected extra arguments (--vault-password-file ~/.vault.txt)
Using the ANSIBLE_VAULT_PASSWORD_FILE environment variable like so:
ANSIBLE_VAULT_PASSWORD_FILE=$HOME/.vault.txt molecule test
will bypass molecule arguments parsing logic and let ansible know where the vault password is located.
You can pass the the password file to molecule via provisioner.config_options.defaults.vault_password_file in your molecule.yml file as follows:
provisioner:
name: ansible
config_options:
  defaults:
    vault_password_file: "${MOLECULE_SCENARIO_DIRECTORY}/vault.pw"
where vault.pw is a plain text file that contains only your password (Make sure this is well protected!)
The vault password file is an option passed over to Ansible directly and is defined here
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With