josegp

Reputation: 559

Use of --ask-vault-pass on Jenkins pipeline

I am using ansible-vault in a playbook and I want to call it from Jenkinsfile. I have read that you can have the password in a file and just call it like that but I want to do it using the --ask-vault-pass.

I created the credential (secret text) on Jenkins and I want to use it but I don't know how. Been searching around the internet but all I see are questions regarding the usage of the ansible-vault password in a file.

This would be the code:

pipeline {
    agent none

    environment {
        ANSIBLE_VAULT=credentials('ansiblevault')
    }

    stages {
        stage ('Start docker node via Ansible') {
            agent { label 'ansible_slave' } 
            steps {
                sh 'ansible-playbook /etc/ansible/instance_start_stop.yml --ask-vault-pass -i hosts --user user1 --key-file /home/user1/.ssh/id_rsa'
            }
        }
    }
}

How could I use the credential in this case? Thanks!

Upvotes: 0

Views: 3201

Answers (1)

josegp

Reputation: 559

Thanks Zeitounator and β.εηοιτ.βε for your replies!

I tried this:

withCredentials([file(credentialsId: 'ansible_password', variable: 'ansibleVaultKeyFile')]) {
                    ansiblePlaybook playbook: 'instance_start_stop.yml', inventory: 'hosts', extras: "--user user1 --vault-password-file ${ansibleVaultKeyFile} --key-file /home/user1/.ssh/id_rsa"
                }

But there was a problem of not having the right permissions since the user I am doing the command with is not root. So I needed the sudo. I tried using sudoUser but to no avail.

So this is how I implemented it in the end:

withCredentials([file(credentialsId: 'ansible_password', variable: 'ansibleVaultKeyFile')]) {
                    sh 'sudo ansible-playbook /etc/ansible/instance_start_stop.yml --vault-password-file ${ansibleVaultKeyFile} -i /etc/ansible/hosts --user user1 --key-file /home/user1/.ssh/id_rsa'
                }

Upvotes: 3
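
For the secret-text credential the question asks about, an added example (not part of the original answer): Ansible runs an executable `--vault-password-file` and reads the password from its stdout, so a small helper can print the `ANSIBLE_VAULT` variable bound by the question's `environment` block without the secret being written to disk or placed on the command line. The function names and the temp-directory layout are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Assumes Jenkins has exported the secret-text credential as ANSIBLE_VAULT,
# as the question's environment { ANSIBLE_VAULT = credentials(...) } block does.

make_vault_client() {
    # mktemp -d creates a directory only the current user can enter.
    dir=$(mktemp -d) || return 1
    client="$dir/vault-pass-client.sh"
    # The helper holds no secret; it reads the variable each time it runs.
    cat > "$client" <<'EOF'
#!/bin/sh
# Fail loudly instead of handing Ansible an empty password.
: "${ANSIBLE_VAULT:?ANSIBLE_VAULT is not set}"
printf '%s\n' "$ANSIBLE_VAULT"
EOF
    chmod 700 "$client"
    printf '%s\n' "$client"
}

run_playbook() {
    client=$(make_vault_client) || return 1
    # Remove the helper and its directory when the shell exits.
    trap 'rm -rf "$(dirname "$client")"' EXIT
    # Same playbook, inventory, user and key as in the answer above.
    ansible-playbook /etc/ansible/instance_start_stop.yml \
        --vault-password-file "$client" \
        -i /etc/ansible/hosts --user user1 \
        --key-file /home/user1/.ssh/id_rsa
}

# Run only when asked to, so the functions can be sourced on their own.
if [ "${1:-}" = "run" ]; then
    run_playbook
fi
```

sudo resets the environment by default, so if the playbook has to run under sudo as in the answer, `ANSIBLE_VAULT` must be explicitly preserved or the helper exits with an error instead of printing a password.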
