Some customers are not able to use Ansible Vault in their environment and wanted to know if it was required by CCS to be able to perform CCS Pave/Repave.

Release: CCS 12.6.x

Development has looked into the issue with CCS Repave functionality introduced in CCS 12.6.x, and the use of Ansible Vault is required.  They have determined that the CCS Ansible script does not have any dependency on Ansible Vault specifically.  

The CCS Ansible Repave scripts require input parameters, and some of the input parameters are sensitive information (like passwords, passphrases, etc.). All the required input parameters are contained in the SecureConfig.enc file. To secure the SecureConfig.enc file by default, CCS uses Ansible Vault to encrypt/decrypt the file, but the CCS Repave Ansible scripts do not need that file to be encrypted for the scripts to work.

To secure the sensitive information that is contained in that file, the customer can encrypt/decrypt the file with any existing tool that they currently use in their environment, CCS just needs to be able to read the input from the SecureConfig.enc file at the time of script execution.