Errors during ansible ansible vault decryption result in an overwrite of vault.yml
Any errors that happen during the ansible vault decryption seem to result in the vault file being overwritten with an empty file. I've seen this happen a few times unfortunately, and it can happen due to trivial errors. As an example, I setup a new dev machine where I had not added the dev user to the docker group and ran a make
command:
user@ubuntu:~/homelab/HomelabOS$ make update
...
========== Decrypting Ansible Vault! ==========
docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.40/containers/create: dial unix /var/run/docker.sock: connect: permission denied.
See 'docker run --help'.
Makefile:158: recipe for target 'decrypt' failed
make[1]: *** [decrypt] Error 126
make[1]: Leaving directory '/home/user/homelab/HomelabOS'
Vault already migrated to v0.7 - Skipping
docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.40/containers/create: dial unix /var/run/docker.sock: connect: permission denied.
See 'docker run --help'.
Makefile:22: recipe for target 'config' failed
make: *** [config] Error 126
After checking settings/vault.yml
I found that it had been overwritten.
I've run into this issue again when I was running a make
command with userns remapping, which resulted in a docker error during the vault decryption stage, and resulted in an overwritten file.
I would suggest making a backup copy of the file before decryption, and restore the backup file if any errors are encountered.