Ansible AWX Plugin - secret fetch via playbook

Below, please find an example of using Ansible AWX with Akeyless Vault for storing credentials.
There are two main parameters used to configure the connection to Vault - the URL to the vault itself, and a token to use. These are used by the lookup plugin via the environment variables VAULT_ADDR and VAULT_TOKEN.

Prepare AWX Environment

Clone the project and check all the dependencies as mentioned in the getting started section:

Run compose docker (run sudo ansible-playbook -i inventory install.yml):

Note: you might need to run ‘sudo mkdir /root/.awx/awxcompose’

Configure Vault

Create new project:

Create new Vault credential:

Create new Ansible AWX credential (make sure you have a secret named test):


Please note

The username & password in the Ansible AWX credential (depicted above) are related to connecting hosts. These credentials are not relevant in our example. For further reading -


Vault directory fetching (path/to/dir/*)

Only first level files in the directory will be fetched.
Only static secret will be shown.
If there are two secrets with the same key in the json it will be overridden (secret1:{"hello":"world"} & secret2:{"hello":"world2"}====>the result will contain one of the secrets).
If secret /path/to/secret has non json value: v1, vault will return the following response {"/path/to/secret":"v1"}.

Create new template:

Launch the template:

Fetching all secrets from a folder

For fetching all secrets in folder named "keys":

When fetching “secret/data/keys/*” in the Ansible AWX credentials:

Did this page help you?