Below, please find an example of using Ansible AWX with Akeyless Vault for storing credentials, utilizing Akeyless Universal Identity.
The section refers to changes that should be done in the awx machine (awx-task container).
- Set akeyless-vault url in: VAULT_ADDR environment variable:
- Now, you’ll need to configure the Akeyless temporary API token read more here (this is the recommended and the more secure method). For token rotation please read more here. The rotated token should be saved in /var/lib/awx/.vault-token file
To use the vault plugin, complete the following procedure:
- Download https://github.com/jhaals/ansible-vault and add it to your lookup_plugins directory as described in the link.
- Create a new template, according to the below:
After successful job launch you will see the following:
For an additional ways to work with Ansible AWX, see Ansible AWX Plugin - secret fetch via playbook.
Updated about 2 years ago