can't authenticate to ansible vault since 3.2.11

[Lusitaniae]

Rundeck version: 4.17.6-20240402

I have Ansible Playbook Node Workflow with Vault Pass Storage Path: keys/production/ansible/.vault

That's a key stored in Rundeck defaults KV store

After going through all recent releases of this plugins seems like 3.2.11 and 4.0.0 both are unable to open the vault file

3.2.10 and earlier releases are all working 👍

[WARNING]: Error in vault password file loading (None): Invalid vault password
was provided from script (/tmp/ansible-runner419321991769154953ansible-script-
vault-client.py)
ERROR! Invalid vault password was provided from script (/tmp/ansible-runner419321991769154953ansible-script-vault-client.py)
Failed: AnsibleNonZero: ERROR: Ansible execution returned with non zero code.

Debug logs show the invokation looking like

encryptVariable ansible_become_password: [ansible-vault, encrypt_string, --vault-id, internal-encrypt@/tmp/ansible-runner3534718919055327790ansible-script-vault-client.py]
 procArgs: [ansible-playbook, site.yml, --vault-id, internal-encrypt@/tmp/ansible-runner3534718919055327790ansible-script-vault-client.py, -l, rundeck1, -vvv, --vault-id, /tmp/ansible-runner3534718919055327790ansible-script-vault-client.py, --private-key=/tmp/ansible-runner2368737503622131914id_rsa, --user=rundeck_user, --timeout=30, --become, --extra-vars=@/tmp/ansible-runner4868465325436002323become-extra-vars, -i, inventory, -l, node1, --tags, app]

[madsi1m]

I also have this exact issue where 3.2.10 works but anything newer does not.

We use SSH login with passwords, starting rundeck manually outside of the service i noticed when i trigger an ansible job, the console is waiting for me to press enter at the ansible ssh password prompt. It looks like the password is entered and i need to press enter for it to continue.

SSH password: <manually press enter>
ECOME password[defaults to SSH password]: <manually press enter>

If i don't press enter i get the same error as @Lusitaniae.

[d4e-sluksch]

@Lusitaniae according to #380, does your vault password file contains multiple lines?

[jimr6007]

it's not that, it's something more low level, even things like using a job option to allow a user to enter a password is broken since 3.2.11, from what I can tell, lot's of things that involve some user input are affected by this issue

[madsi1m]

I can confirm in my testing that this has still not been resolved (tested 4.0.4).

[lennardk]

I seem to have also ran into this. In my case, similar to madsi1m, I've seen it when using both a vault and ssh password authentication.