Cannot "trellis up" due to missing library: "ansible-vault requires the cryptography library in order to function"

Existing project (created on an Intel iMac machine), cannot be trellis up’d normally due to missing cryptography library:

PLAY [WordPress Server: Install LEMP Stack with PHP and MariaDB MySQL] *********
[WARNING]: Failure using method (v2_playbook_on_play_start) in callback plugin
(<ansible.plugins.callback.vars.CallbackModule object at 0x10be89820>):
ansible-vault requires the cryptography library in order to function
ERROR! ansible-vault requires the cryptography library in order to function
Ansible failed to complete successfully. Any error output should be
visible above. Please fix these errors and try again.
exit status 1

Proc: M1 Apple Silicon
macOS: Monterey 12.6
Vagrant: 2.2.18
Parallels: 18.0.2 (Desktop 18 Pro)
Trellis CLI: 1.7.0
Trellis: 1.15.0
Bedrock: 1.20.0

pip3 install cryptography has had no effect.


  • Rerunning vagrant up after the above error, does indeed finish (all the way through post_up_message).
  • trellis provision development completes almost as expected, except for an unrelated problem with [wordpress-install : Setup composer authentications -] (Do not run Composer as root/super user! See for details Aborting as no plugin should be loaded if running as super user is not explicitly allowed)
  • trellis ssh development runs OK (and actually allows composer update, even against custom third-party repos, which means that I’m not completely blocked by the above-mentioned composer_authentications problem).
  • The resulting site is fully browsable at the configured localhost address on both the Public and Admin sides.

In other words, something is apparently broken here, but not painfully blocking, AFAIK. Three questions:

  1. What is the preferred way to add the missing cryptography library?
  2. Isn’t this library a requirement that we would normally expect Trellis CLI to take care of for us?
  3. If a solution to this missing component is not immediately available, given all that is apparently working as expected in this scenario, what roadblocks am I likely to run into in this setup until a fix is indeed available?

Install python3 with homebrew

You will need to remove any previous Ansible installations beforehand

Once Ansible is removed and python3 is installed, ensure it is in your path

I ran into this issue last week with a colleague, it seems the latest OS throws a spanner in the works as Trelis CLI sees the python shipped, but the shipped python isn’t the complete package.

What @craigpearson said above might be a good first step to get Python3 in a good place. However, since you’re using trellis-cli you don’t need to worry about Ansible or any other pip packages since it handles it.

Like a lot of Python projects, Trellis’ dependencies are found in the requirements.txt file. So instead of installing individual packages manually, you always tell pip to use that file to get all the proper versions.

However, with trellis-cli all you run is trellis init which runs pip install -r requirements.txt for you (in addition to other stuff).

Yes, if you notice cryptography isn’t even listed in that requirements.txt file. That’s because it’s a dependency of ansible which depends on it. So because that’s missing, it shows that something else is wrong beyond just “missing a dependency”. This points to either:

  1. python install is messed up. Re-installing it with homebrew might fix this.
  2. you need to re-initialize your project

trellis init --force will delete your existing virtualenv and re-create it; including installing all dependencies. This is always a recommended first step when you run into any issues like this. And if you ever re-install Python, change the system python version, upgrade your OS, use pyenv, etc… then run trellis init --force again.


The only thing I had to do is brew install python3 (I generally trellis init --force anyway when working through environmental issues).

My first VM on this brand new M1 machine appears to be happy!

(Except for an unrelated error at [wordpress-install : Setup composer authentications -] that outputs Do not run Composer as root/super user! See for details Aborting as no plugin should be loaded if running as super user is not explicitly allowed , and is plaguing 3 other projects on 2 machines besides this one… :confused: )

1 Like