Ansible with HashiCorp Vault
Install New Modules to brew managed python
- Check Ansible version
ansible --version
Because I use brew to install ansible, the output is:
ansible [core 2.16.8]
config file = /Users/cxm/.ansible.cfg
configured module search path = ['/Users/cxm/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /opt/homebrew/Cellar/ansible@9/9.6.0_1/libexec/lib/python3.12/site-packages/ansible
ansible collection location = /Users/cxm/.ansible/collections
executable location = /opt/homebrew/bin/ansible
python version = 3.12.4 (main, Jun 6 2024, 18:26:44) [Clang 15.0.0 (clang-1500.3.9.4)] (/opt/homebrew/Cellar/ansible@9/9.6.0_1/libexec/bin/python)
jinja version = 3.1.4
libyaml = True
- Install new modules to brew managed python
The HashiCorp Vault modules (community.hashi_vault) depend on the hvac Python package, so we need to install hvac into the Python interpreter that the brew-managed Ansible uses, not into the system Python.
# Install new modules to brew managed python
# https://stackoverflow.com/questions/24257803/install-new
pip3 install hvac -t /opt/homebrew/Cellar/ansible@9/9.6.0_1/libexec/lib/python3.12/site-packages
Write a playbook
---
- name: Tests
  hosts: localhost
  connection: local
  pre_tasks:
    - name: Get Secret
      community.hashi_vault.vault_kv2_get:
        url: "http://cxmhome"
        # path is relative to the KV v2 mount (engine_mount_point, default "secret")
        path: "secret/my-super-secret"
        auth_method: token
        token: "{{ vault_token }}"
      delegate_to: localhost
      register: vault_resp
  tasks:
    - name: Display the results
      ansible.builtin.debug:
        msg:
          - "Secret: {{ vault_resp.secret.password }}"
          - "Data: {{ vault_resp.data }} (contains secret data & metadata in kv2)"
          - "Metadata: {{ vault_resp.metadata }}"
          - "Full response: {{ vault_resp.raw }}"
          - "Value of key 'password' in the secret: {{ vault_resp.secret.password }}"
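The four return values used in the debug task (raw, data, metadata, secret) follow directly from the shape of Vault's KV v2 read API. As an added example that is not part of the original post, the Python below models offline what community.hashi_vault.vault_kv2_get does through hvac: it builds the read URL from the Vault URL, mount point and path (which shows why path is relative to engine_mount_point rather than starting with the mount name), and splits a constructed sample response into the module's raw, data, metadata and secret values. The response body, request id and secret values are constructed sample data; the hostname is the one from the playbook.

```python
"""Offline model of what vault_kv2_get does via hvac (added example)."""
import json
from typing import Optional
from urllib.parse import quote

# Constructed KV v2 read response, shaped like Vault's GET /v1/<mount>/data/<path>.
# All values are sample data for this example.
SAMPLE_KV2_RESPONSE = json.dumps({
    "request_id": "00000000-0000-0000-0000-000000000000",
    "lease_id": "",
    "renewable": False,
    "lease_duration": 0,
    "data": {
        "data": {"password": "example-only", "username": "app"},
        "metadata": {
            "created_time": "2024-06-06T10:00:00.000000Z",
            "custom_metadata": None,
            "deletion_time": "",
            "destroyed": False,
            "version": 3,
        },
    },
    "wrap_info": None,
    "warnings": None,
    "auth": None,
})


def kv2_read_url(url: str, path: str, engine_mount_point: str = "secret",
                 version: Optional[int] = None) -> str:
    """Build the API URL a KV v2 read goes to.

    `path` is relative to the KV v2 mount, and KV v2 inserts a literal "data/"
    segment between the mount and the secret path. With the playbook's
    path "secret/my-super-secret" and the default mount this becomes
    .../v1/secret/data/secret/my-super-secret: the leading "secret/" in the
    path does not select the mount, engine_mount_point does.
    """
    mount = engine_mount_point.strip("/")
    rel = quote(path.strip("/"), safe="/")
    target = f"{url.rstrip('/')}/v1/{mount}/data/{rel}"
    if version is not None:
        target += f"?version={int(version)}"
    return target


def split_kv2_response(body: str) -> dict:
    """Map a raw KV v2 response body to the module's return values.

    raw      -> the whole HTTP response body
    data     -> raw["data"], which holds BOTH the secret and its metadata
    metadata -> raw["data"]["metadata"] (version, timestamps, ...)
    secret   -> raw["data"]["data"], the key/value pairs you actually wanted
    """
    raw = json.loads(body)
    data = raw["data"]
    return {
        "raw": raw,
        "data": data,
        "metadata": data["metadata"],
        "secret": data["data"],
    }


def summarize(result: dict) -> dict:
    """What a debug message can safely show: key names and version, not values."""
    return {
        "version": result["metadata"]["version"],
        "keys": sorted(result["secret"]),
    }


if __name__ == "__main__":
    print(kv2_read_url("http://cxmhome", "secret/my-super-secret"))
    resolved = split_kv2_response(SAMPLE_KV2_RESPONSE)
    print(summarize(resolved))
```

Note that the playbook's debug task prints the secret value itself, so it ends up in Ansible's output and in anything that collects that output; summarize shows only the key names and the KV version, which is usually all a debug message needs while developing the play.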