Created July 30, 2019 09:00
Simple Ansible playbook to demonstrate pulling secrets from HashiCorp Vault
```yaml
---
# Simple playbook to demonstrate Ansible reading a KV secret from HashiCorp Vault.
# The following environment variables need to be set for Ansible to authenticate with Vault
# (plain HTTP and VAULT_SKIP_VERIFY suit a local dev server only):
#
# export VAULT_ADDR=http://127.0.0.1:8200
# export VAULT_SKIP_VERIFY=true
# export VAULT_AUTHTYPE=token
#
# A secret will need to be put in the demo/test1 path under the KV secrets engine.
- hosts: localhost
  tasks:
    - name: Get vault status
      hashivault_status:
      register: 'vault_status'

    - name: get vault secret
      hashivault_read:
        secret: 'demo/test1'
        mount_point: kv
        key: password
        version: 2
      register: 'vault_secret'

    - name: create a blank file to write to
      file:
        state: touch
        path: ~/Desktop/ansible-test.txt
        owner: robertbarnes
        mode: '0600'  # the file will hold a secret, so keep it owner-only

    - name: write secret to a file
      lineinfile:
        create: yes
        path: ~/Desktop/ansible-test.txt
        # the registered result is a dict; the value read for `key` is in .value
        line: "{{ vault_secret.value }}"
```
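What the read and write tasks amount to at the Vault HTTP API level, as an added Python example that is not part of the original gist or of the hashivault modules. It assumes `version: 2` in the playbook selects the KV version 2 engine; the function names and the sample response are constructed for illustration.

```python
import json
import os
import urllib.request


def kv2_read_url(addr, mount_point, secret):
    """KV version 2 inserts 'data/' between the mount and the secret path."""
    return f"{addr.rstrip('/')}/v1/{mount_point.strip('/')}/data/{secret.strip('/')}"


def extract_key(response, key):
    """KV v2 nests the key/value pairs under data.data; data.metadata holds the version."""
    fields = response["data"]["data"]
    if key not in fields:
        raise KeyError(f"key {key!r} not present in secret")
    return fields[key]


def write_secret(path, value):
    """Create the file with mode 0600 from the start, so it is never world-readable."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as handle:
        os.fchmod(handle.fileno(), 0o600)  # also tighten a file that already existed
        handle.write(value + "\n")


def read_secret(addr, token, mount_point, secret, key):
    """Live read against Vault; needs a reachable server and a valid token."""
    request = urllib.request.Request(
        kv2_read_url(addr, mount_point, secret),
        headers={"X-Vault-Token": token},
    )
    with urllib.request.urlopen(request, timeout=5) as reply:
        return extract_key(json.load(reply), key)


# Constructed sample of a KV v2 read response (not captured from a real server).
SAMPLE_RESPONSE = {
    "data": {
        "data": {"password": "constructed-example-value"},
        "metadata": {"version": 1, "destroyed": False},
    }
}

if __name__ == "__main__":
    print(kv2_read_url("http://127.0.0.1:8200", "kv", "demo/test1"))
    print(extract_key(SAMPLE_RESPONSE, "password"))
```

`read_secret` is the only function that touches the network; the others can be exercised offline against `SAMPLE_RESPONSE`.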