Ansible Plugin - Secret Fetch via Playbook Using the ansible-playbook CLI

Install the following package:

pip install hvac

Note

Akeyless developed API compatibility with HashiCorp Vault OSS, which enables the use of Vault OSS community plugins for both static and dynamic secrets. You can find more information here.

Create Playbook

In the example below, the secret is named test.

---
# This playbook fetches a secret from Akeyless Platform
- name: Echo
  hosts: all
  tasks:
    - name: Fetching a secret named test from Akeyless Vault
      # debug prints the fetched secret value to the task output
      debug:
        msg: "{{ lookup('hashi_vault', 'secret=secret/data/test:data') }}"

Store your Akeyless token in ~/.vault-token on your Ansible machine. You can extract it directly with the akeyless auth command:

akeyless auth --access-id "Access ID" --access-type="Auth Method type" --json true | awk '/token/ { gsub(/[",]/,"",$2); print $2}' > ~/.vault-token

The command extracts the token from the JSON response. Note that this token will be revoked when its TTL expires.
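
The token step above, as an added example that is not part of the Akeyless documentation: a helper that only replaces ~/.vault-token when the auth response actually contained a token and keeps the file at mode 0600, so a failed akeyless auth does not leave an empty token file behind. The function names and the sample JSON are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not Akeyless code). Intended use:
#   akeyless auth --access-id "Access ID" --access-type="Auth Method type" \
#     --json true | store_token

# Constructed sample of an auth response, shaped the way the page's awk
# filter expects: the token on its own line as  "token": "<value>"
SAMPLE_AUTH_JSON='{
  "token": "t-constructed-0000"
}'

# Read the JSON response on stdin and print only the token value,
# using the same awk filter as the page.
extract_token() {
  awk '/token/ { gsub(/[",]/,"",$2); print $2 }'
}

# Read the JSON response on stdin and store the token in the target file
# (default: ~/.vault-token, which the hashi_vault lookup reads).
# An existing token file is left untouched if no token was found.
store_token() {
  local target="${1:-$HOME/.vault-token}"
  local token tmp
  token="$(extract_token)"
  if [ -z "$token" ]; then
    echo "no token in auth response; $target left unchanged" >&2
    return 1
  fi
  # mktemp creates the file with mode 0600; the rename keeps that mode
  # and replaces the old token file in a single step.
  tmp="$(mktemp "${target}.XXXXXX")" || return 1
  if printf '%s\n' "$token" > "$tmp" && mv -f "$tmp" "$target"; then
    return 0
  fi
  rm -f "$tmp"
  return 1
}
```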

Set the Akeyless Platform endpoint:

export VAULT_ADDR=https://hvp.akeyless.io

Run Playbook

To run your playbook, run the following command:

ansible-playbook -i <hostname>, -u ubuntu secret_fetch.yml