Ansible HashiCorp Vault Proxy Plugin

Install the following package:

pip install hvac

Note: Akeyless developed API compatibility with HashiCorp Vault OSS, enabling the use of Vault OSS community plugins for both Static and Dynamic Secrets. You can find more information here.

Create Playbook

In the example below, the secret is named test.

---
# This playbook fetches a secret from Akeyless Platform
- name: Echo
  hosts: all
  tasks:
    - name: Fetching a secret named test from Akeyless Vault
      debug:
        msg: "{{ lookup('hashi_vault', 'secret=secret/data/test:data') }}"

Store your Akeyless token in ~/.vault-token on the Ansible machine. The akeyless auth command can write it there directly:

# Write the token from the auth response to ~/.vault-token
akeyless auth --access-id "Access ID" --access-type="Auth Method type" --json true | awk '/token/ { gsub(/[",]/,"",$2); print $2}' > ~/.vault-token

The awk filter extracts the token from the JSON response. Note that this token is revoked when its TTL expires.
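The token step above, as an added example that is not part of the original page or of Akeyless tooling: a shell helper that refuses to overwrite ~/.vault-token when authentication returned no token and keeps the file readable only by its owner. The function name save_token and the sample token are constructed for illustration, and the response is assumed to be pretty-printed JSON with the token on its own line, as the awk filter above expects.

```shell
# Added example. save_token is a hypothetical helper, not an Akeyless command.
# Reads `akeyless auth ... --json true` output on stdin and stores the token
# in the file given as $1 (default: ~/.vault-token).
save_token() {
    dest="${1:-$HOME/.vault-token}"

    # Same extraction as the page's awk filter: value on the "token" line.
    token=$(awk '/"token"/ { gsub(/[",]/, "", $2); print $2; exit }')

    # A failed auth yields no token line. Keep the existing file instead of
    # replacing it with an empty one.
    if [ -z "$token" ]; then
        echo "save_token: no token found in auth response" >&2
        return 1
    fi

    # Create the temp file with owner-only permissions, then move it into
    # place so the token is never exposed under a looser mode.
    tmp=$(umask 077 && mktemp "${dest}.XXXXXX") || return 1
    if printf '%s\n' "$token" > "$tmp" && mv "$tmp" "$dest"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Real use (flags as shown on this page):
#   akeyless auth --access-id "Access ID" --access-type="Auth Method type" \
#       --json true | save_token

# Demo with a constructed response, written to a scratch directory.
demo_dir=$(mktemp -d)
printf '{\n  "token": "t-constructed-0001"\n}\n' | save_token "$demo_dir/vault-token"
ls -l "$demo_dir/vault-token"
```
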

Set the Akeyless Platform endpoint:

export VAULT_ADDR=https://hvp.akeyless.io

Run Playbook

To run your playbook, use the following command:

ansible-playbook -i <hostname>, -u ubuntu secret_fetch.yml
