Can't use !vault with environment

[davetapley]

Description

Can't use !vault to provide NEW_RELIC_API_KEY to environment.

Steps to Reproduce

- name: New Relic
  hosts: app
  roles:
    - role: newrelic.newrelic_install
      vars:
        targets:
          - infrastructure
          - logs
        install_timeout_seconds: 1000
        verbosity: debug
  environment:
    NEW_RELIC_ACCOUNT_ID: xxxx
    NEW_RELIC_API_KEY: !vault |
    $ANSIBLE_VAULT;1.1;AES256
          XXXXXXXXXX
          XXXXXXXXXX
          XXXXXXXXXX

Expected Behavior

Ansible vault decrypts the value for NEW_RELIC_API_KEY.

Relevant Logs / Console output

Buried in the full output below is:

could not load string value for key licenseKey and profile default, returning 
zero value: no value found at path default.licenseKey\"
level=fatal msg=\"Invalid user API key format detected. Please provide a valid user API key. 

fatal: [dev_win_azure_2025]: FAILED! => {"ansible_async_watchdog_pid": 4316, "ansible_job_id": "j61332596039.4608", "changed": true, "cmd": "[Net.ServicePointManager]::SecurityProtocol = 'tls12, tls'\n(New-Object System.Net.WebClient).DownloadFile(\"https://download.newrelic.com/install/newrelic-cli/scripts/install.ps1\", \"$env:TEMP\\install.ps1\")\n& PowerShell.exe -ExecutionPolicy Bypass -File $env:TEMP\\install.ps1\n& \"C:\\Program Files\\New Relic\\New Relic CLI\\newrelic.exe\" install -y -n infrastructure-agent-installer,logs-integration --debug --tag nr_deployed_by:ansible-install 2>&1", "delta": "0:00:04.016508", "end": "2025-10-07 15:43:51.748150", "finished": true, "msg": "non-zero return code", "rc": 1, "results_file": "C:\\Users\\alert\\.ansible_async\\j61332596039.4608", "start": "2025-10-07 15:43:47.731642", "started": true, "stderr": "newrelic.exe : level=debug msg=\"could not load string value for key licenseKey and profile \r\ndefault, returning zero value: no value found at path default.licenseKey\"\r\nAt line:4 char:1\r\n+ & \"C:\\Program Files\\New Relic\\New Relic CLI\\newrelic.exe\" install -y  ...\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n    + CategoryInfo          : NotSpecified: (level=debug msg...ult.licenseKey\":String) [], RemoteE \r\n   xception\r\n    + FullyQualifiedErrorId : NativeCommandError\r\n \r\nlevel=debug msg=\"could not load string value for key licenseKey and profile default, returning \r\nzero value: no value found at path default.licenseKey\"\r\nlevel=fatal msg=\"Invalid user API key format detected. Please provide a valid user API key. User \r\nAPI keys usually have a prefix of \\\"NRAK-\\\" or \\\"NRAA-\\\".\"", "stderr_lines": ["newrelic.exe : level=debug msg=\"could not load string value for key licenseKey and profile ", "default, returning zero value: no value found at path default.licenseKey\"", "At line:4 char:1", "+ & \"C:\\Program Files\\New Relic\\New Relic CLI\\newrelic.exe\" install -y  ...", "+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~", "    + CategoryInfo          : NotSpecified: (level=debug msg...ult.licenseKey\":String) [], RemoteE ", "   xception", "    + FullyQualifiedErrorId : NativeCommandError", " ", "level=debug msg=\"could not load string value for key licenseKey and profile default, returning ", "zero value: no value found at path default.licenseKey\"", "level=fatal msg=\"Invalid user API key format detected. Please provide a valid user API key. User ", "API keys usually have a prefix of \\\"NRAK-\\\" or \\\"NRAA-\\\".\""], "stdout": "", "stdout_lines": []}

Your Environment

N/A.

Additional context

To verify the encryption I manually decrypted the !vault string with ansible-decrypt and put it in plain text, i.e.:

NEW_RELIC_API_KEY: xxxxxxxx

Then the task worked as expected.