From 97c6805d47990561a3d057e4b2661e804549d364 Mon Sep 17 00:00:00 2001
From: Sloane Hertel <shertel@redhat.com>
Date: Wed, 6 Jun 2018 16:16:16 -0400
Subject: [PATCH] aws_s3: don't decrypt file before uploading - fixes #39287
 (#39634)

* aws_s3: do not decrypt file before uploading to bucket

* changelog

(cherry picked from commit 387c37e255393ad68c4a80c9a304b14aeee02d91)
---
 changelogs/fragments/aws_s3_decryption_fix.yaml | 3 +++
 lib/ansible/plugins/action/aws_s3.py            | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)
 create mode 100644 changelogs/fragments/aws_s3_decryption_fix.yaml

diff --git a/changelogs/fragments/aws_s3_decryption_fix.yaml b/changelogs/fragments/aws_s3_decryption_fix.yaml
new file mode 100644
index 00000000000..27034e85047
--- /dev/null
+++ b/changelogs/fragments/aws_s3_decryption_fix.yaml
@@ -0,0 +1,3 @@
+---
+bugfixes:
+- fix decrypting vault files for the aws_s3 module (https://github.com/ansible/ansible/pull/39634)
diff --git a/lib/ansible/plugins/action/aws_s3.py b/lib/ansible/plugins/action/aws_s3.py
index d5911477ed7..a454922a101 100644
--- a/lib/ansible/plugins/action/aws_s3.py
+++ b/lib/ansible/plugins/action/aws_s3.py
@@ -50,7 +50,7 @@ class ActionModule(ActionBase):
                 # For backward compatibility check if the file exists on the remote; it should take precedence
                 if not self._remote_file_exists(source):
                     try:
-                        source = self._loader.get_real_file(self._find_needle('files', source))
+                        source = self._loader.get_real_file(self._find_needle('files', source), decrypt=False)
                         new_module_args['src'] = source
                     except AnsibleFileNotFound as e:
                         # module handles error message for nonexistent files