I use VSCode on Windows. When trying to use this extension without storing password on filesystem (e.g. entering password each time it's required), I face the following error:

Command failed: touch C:\Users\User\AppData\Local\Temp\tmp-57692Jab9WhG31WYX && echo "PassWord" > C:\Users\User\AppData\Local\Temp\tmp-57692Jab9WhG31WYX 'touch' is not recognized as an internal or external command, operable program or batch file.

It's an expected behavior, because Windows doesn't have Unix commands natively.

My offer is to use TypeScript/JS native ways to write files (e.g. fs module) - this will resolve all possible cross-platform problems.

I'm not able to encrypt files that do not have a .yml extension. Can we lift this restriction somehow?

When I try to decrypt a file I get the following error: filepath.charCodeAt is not a function

Hello.

I faced a problem with ansible-vault extention.
It not work. I set all three variables in settings, restart VS code.
When i select Encrypt/decrypt in menu i got nothing.

My environment:

• OS: MacOS 10.12.4 and Debian 9
• Ansible: 2.3.0.0 (installed from brew and pip)
• VS Code: 1.11.2
• Extention: v.0.0.5

Please see issue reported on Ansible's Repo: ansible/ansible#46310

if vault file path is defined in ansible.cfg --vault-password-file should not be specified on the commandline otherwise encrypt will stop functioning from the extension.

Can the extension be made to only include --vault-password-file="" if the field in the extension settings is populated?

When attempting to encrypt a file, we get:

Command failed: /usr/local/bin/ansible-vault encrypt "/Users//Documents/GitHub/all.yml" --vault-password-file="/etc/ansible/.vaultpwd"
ERROR! The vault-ids default,default are available to encrypt. Specify the vault-id to encrypt with --encrypt-vault-id

I get the following error:

'.vault_password' specified in defaults.vault_password_file of '/Users/dutchy/path/to/project/here/ansible.cfg' is not exist.

This file is specified as follows:

[defaults]
inventory=./inventory.ini
vault_password_file=.vault_password

Maybe some error with relative paths?

This is on MacOS, if that is relevant.

Hi, it would be great to be able to highlight an item and encrypt just the selected string instead of the whole file.

Hi,

It's would be amazing if you can add the support for viewing/editing the content of a vault file without decrypt/encrypt the file.

Eg :
ansible-vault view some_vault_file

Hello,

I am using VScode, I installed the plugin. I wanted to use it without configure ansibleVault.keyfile and ansibleVault.keypass.

So, I opend my vault file. Hit ctl+alt+0 as mentioned then tape the password vault and nothing happen.

Any hit ? did I miss smthg ?

Thanks
Anis

Dear developer,

Recently we conducted a VS code extension audit to review coding practices, making sure we’re using the latest technologies available focused on security. During this review, we identified a security issue inside your extension where credentials are stored as plaintext.

Back in January of this year, VSCode introduced API for secrets storage keystrokes in to save the secrets. Please take a moment to read through this API in order to understand how to enhance the extension security.

Any questions, please feel free to ask and I’ll be happy to help!

���@�Ê?‘6�g�ÔÆZM�o�>¥�ú¥9
»¢�/ÆØÙ(~O_¤w×B—�Êù*?·)ꨚ8�Úéc£‘ÙŸÌø¢j?¶.œ8Íjjõ5–è2ͳ´ôÜ�syéüííQ‚ï£|Ðý„Rf"öd]Bܼ¤…¥ÃAC¿‡´ª'Œ;{_!øÛ�4€H3¦Aøå™û9zÈö¶Q yý’¯$ÓüI”©Ñ�–ÌàíÔç�aÇ‘½i¬ÞÁþ�é¥-xoNc[—Æ–D õ_oyTòwà˜œSØ^7� �œœ@<�¼Ôš¼ê×¾Gê�\—´3��3ª-‹¾‰�(Óï"™EC¡‹Zj�É“ìÇ|�>p¼�·�Ãÿ* ±�Xõse�HyÐKV¤ªÆhå¹�w™†( Üáìâá?ì�™=ÎUu°ÃA0W€%�“�¸ª�f� ÖF)²éÌŸ]��lн­!��³,ŠÛâí’@&ÁBý�ß }�ƒÃ½€a¦�úù�—«ÿ^Àµ©Œ�[$œ×D�oóíäÆ�.VpÃíð·›�-�¼\v3ü{%(L»$dÀi�¹–Öãöú��h!‹�­iǬ ˆ�Ãß œÆ{}­Ý£Ï-:r×*E‰�ôE *Uw( À�N�1Ñ�…¡¨n°pÖ€����7Å�l¸p³ï÷œëK^^Øa(×ɱç­ÒÝ�Ab�_æäü øŸÙ –Ì�Úߊ�fÈ�åÑ�£¾ÃkïõÜ�Ì’NG.?°òPÒÛõËTÝ

Ability to control path to ansible-vault would be nice.

System: Fedora 32
VS version: 1.46.1

I have ansible installed

ansible --version
ansible 2.9.10

and path to ansible-vault configured in Ansible Vault: Executable

When I try to decrypt file, it says:

Command 'Encrypt/Decrypt with ansible-vault' resulted in an error 
(Command failed: /home/path/local/bin/ansible-vault decrypt "/path" --vault-password-file="/tmp/tmp-875IalWvJ7BheK" 
Traceback (most recent call last): File "/home/path/.local/bin/ansible-vault",
 line 34, in <module> from ansible import context ModuleNotFoundError: No module named 'ansible' )

Do I have to configure something else in visual studio?

Running encrypt or decrypt fails on my machine because /bin/sh: ansible-vault: command not found. My ansible vault location is at /Users/jsmith/.pyenv/shims/ansible-vault

The plugin always tries to use the first folder declared in the workspace list, so if the vault file isn't in the first folder then the plugin will not find the ansible.cfg file or worse, uses the ansible.cfg of the first workspace folder, that can have an unrelated configuration.

A possible fix is to check the current folder, then the parent ones until it finds the ansible.cfg file (stopping at the root of the current workspace), then checking the user and system locations..

Hi,

I'm getting this when working with vscode (remote connected to a linux box). It's running fine inside wsl - I'm only getting this on this remote box. Any hints what I'm doing wrong ?

Thanks !

Command 'Ansible Vault: Encrypt/Decrypt' resulted in an error (Command failed: ansible-vault decrypt "xxxx/ansible-playbooks/vars/encrypted.yml" /usr/lib/python3.7/getpass.py:91: GetPassWarning: Can not control echo on the terminal. passwd = fallback_getpass(prompt, stream) Warning: Password input may be echoed. Vault password: [WARNING]: Error in vault password prompt (default): EOFError (ctrl-d) on prompt for (default) ERROR! EOFError (ctrl-d) on prompt for (default) )

I can run decrypt using command line ansible-vault view group_vars/all/vault.yml from the command line and it does work. Just do no like it as zsh defaults to vi and I prefer to view and edit in Visual Studio Code.

These errors I see when running decryption:

Getting vault keyfile from /Users/jasper/code/site.com/trellis/ansible.cfg
Command failed: ansible-vault decrypt "/Users/jasper/code/site.com/trellis/group_vars/all/vault.yml"

Trellis has a ansible.cfg loading password from .vault_pass file and it is in the root of the project so should just load.

Could be related to #26

It appears that the plugin does not properly respect when ANSIBLE_VAULT_PASSWORD_FILE is set via environment variable.

When attempting to decrypt/encrypt, regardless of whether I have ansibleVault.keyfile set in the VSCode preferences or enter the passkey manually, I get the following error:

Command failed: ansible-vault encrypt "/Users/cweiss/workspace/.../secure_variables.yml" --vault-password-file="/var/folders/xd/xs3zm4d50_56hrb_mq3_203nnqq4gy/T/tmp-88542TClaVHohZmsP" ERROR! The vault-ids default,default are available to encrypt. Specify the vault-id to encrypt with --encrypt-vault-id

From what I understand, this error occurs when you try to specify a passkey when one is already specified by configuration files/variables, ansible-vault doesn't know which to pick.

If I un-set the environment variable and launch VSCode from that shell instance, the plugin works correctly.

This is on OS-X using zsh as my default interpreter and setting the variable in .zshrc. It appears the environment variables the system is launched with are locked in the VSCode instance when it's launched from Finder. To properly test, you need to make changes in a terminal instance and launch VSCode from that environment using the command line.

@dhoeric As the newer Ansible Language extension already added support for vaulting, I think it would not be bad if this extension would be retired from the marketplace?

What do you think?

For whatever reason, it's not properly recognizing them and so it's being flagged as an unknown tag.

I use Visual Code on Windows, but run Ansible in VM's or in Window's Linux Subsystem (WSL). With the newer versions, you can launch Linux programs from Windows with the c:\Windows\System32\bash.exe command.

I first tried to set ansibleVault.executable to c:\\Windows\\System32\\bash.exe -lc 'workon ansible2; ansible-vault $*' -- which is a command that works from the cmd.exe windows shell (without the escaped \). Running this however completely hangs all input in Visual Studio, forcing me to restart it.

I've tried quite a few things, including a wrapper shellscript, wrapper batch script, ... all with the same results.

Hi,

based on the double-quoted shell exec there is an issue regarding some character combinations like \$ for example.

Bash-Example:

echo "myWonderFullPa\$\$"
myWonderFullPa$$

vs

echo 'myWonderFullPa\$\$'
myWonderFullPa\$\$

Would suggest to change that command to a single quoted variant to hopefully get the typed password to the target ansible-vault command and not losing some chars in the middle.

When using an ansible.cfg file which contains a setting for a default vault_password_file the extension always asks for a password. Leaving this empty will result in an error.

• The extension should check if the ansible.cfg contains a default setting for a vault_password_file
• The file referenced in ansible.cfg can be defined with an absolute path or relative to the location of the ansible.cfg
• The extension should not ask for a password when the setting is defined in ansible.cfg and the referenced file exists

Ref: http://docs.ansible.com/ansible/latest/intro_configuration.html#configuration-file