RyanMillerC/ansible-vault-integration

Ansible (AAP) integration with HashiCorp Vault

Based off this blog post.

Example Playbook: playbook.yml

What's needed to make this work

  • Custom "Credential Type" in AAP
  • Ansible Execution Environment with "community.hashi_vault" collection and "hvac" Python dependency

Custom Credential Type

  • Name: Hashicorp Vault AppRole
  • Description: Authenticate Ansible to Hashicorp Vault using an AppRole. For use with the community.hashi_vault collection.
  • Input Configuration:
    fields:
      - id: vault_role_id
        label: AppRole Role ID
        type: string
      - id: vault_secret_id
        label: AppRole Secret ID
        secret: true
        type: string
      - id: vault_url
        label: Hashicorp Vault URL
        type: string
    required:
      - vault_role_id
      - vault_secret_id
      - vault_url
  • Injector Configuration:
    extra_vars:
      ansible_hashi_vault_auth_method: approle
      ansible_hashi_vault_role_id: '{{ vault_role_id }}'
      ansible_hashi_vault_secret_id: '{{ vault_secret_id }}'
      ansible_hashi_vault_url: '{{ vault_url }}'

Ansible Execution Environment

Source Code: execution-environment.yml

ansible-builder build --tag hashi_vault_ee --extra-build-cli-args "--platform linux/amd64"

NOTE - hvac (2.3.0) package installs these dependencies:

certifi==2025.1.31
charset-normalizer==3.4.1
idna==3.10
requests==2.32.3
urllib3==2.3.0
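
A playbook that consumes the variables injected by the custom credential type, run inside the execution environment built above. This is an added example, not the repository's playbook.yml; the KV v2 mount "secret", the path "myapp/db" and the key "password" are constructed placeholders.

```yaml
---
# Added example, not the repository's playbook.yml.
# Assumptions (constructed): a KV v2 engine mounted at "secret" holding a
# secret at "myapp/db" with a key named "password".
- name: Read a secret from Vault using the injected AppRole credential
  hosts: localhost
  connection: local
  gather_facts: false

  tasks:
    # The injector only sets these extra_vars when the "Hashicorp Vault AppRole"
    # credential is attached to the job template, so check before any lookup.
    - name: Fail early if the Vault credential is missing or not using TLS
      ansible.builtin.assert:
        that:
          - ansible_hashi_vault_auth_method == 'approle'
          - ansible_hashi_vault_role_id is defined
          - ansible_hashi_vault_secret_id is defined
          # The Secret ID is sent to this URL at login, so require https.
          - ansible_hashi_vault_url is match('^https://')
        quiet: true

    # community.hashi_vault lookup plugins read the ansible_hashi_vault_* vars
    # themselves, so no url/auth/role_id/secret_id arguments are passed here.
    # The lookup runs on the controller side, which is where hvac is installed.
    - name: Fetch the secret from the KV v2 engine
      ansible.builtin.set_fact:
        db_password: >-
          {{ lookup('community.hashi_vault.vault_kv2_get',
                    'myapp/db',
                    engine_mount_point='secret').secret.password }}
      no_log: true   # keep the value out of job output and the AAP job log

    - name: Confirm retrieval without printing the secret
      ansible.builtin.debug:
        msg: "Retrieved a secret of length {{ db_password | length }}"
```

The collection's modules do not read the ansible_hashi_vault_* variables automatically the way its lookup plugins do, so a task that uses a module instead has to pass the same values as explicit arguments.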
