Ansible AWX Plugin - secret fetch via playbook using Universal Identity

Below, please find an example of using Ansible AWX with Akeyless Vault for storing credentials, utilizing Akeyless Universal Identity.

Prerequisites

The section refers to changes that should be done in the awx machine (awx-task container).

  1. Set akeyless-vault url in: VAULT_ADDR environment variable:
export VAULT_ADDR=https://hvp.akeyless.io
  1. Now, you’ll need to configure the Akeyless temporary API token read more here (this is the recommended and the more secure method). For token rotation please read more here. The rotated token should be saved in /var/lib/awx/.vault-token file

Configuring AWX Plugin

To use the vault plugin, complete the following procedure:

  1. Download https://github.com/jhaals/ansible-vault and add it to your lookup_plugins directory as described in the link.
  2. Create a new template, according to the below:
17001700 10371037

After successful job launch you will see the following:

17271727

For an additional ways to work with Ansible AWX, see Ansible AWX Plugin - secret fetch via playbook.