community.general.hashi_vault (0.1.1) — lookup: retrieve secrets from HashiCorp's Vault

Authors: Jonathan Davila <jdavila(at)ansible.com>

Install with: ansible-galaxy collection install community.general:==0.1.1

Or pin it in a requirements file:

```yaml
collections:
  - name: community.general
    version: 0.1.1
```

Synopsis: retrieve secrets from HashiCorp's Vault.
Examples:

```yaml
- debug:
    msg: "{{ lookup('hashi_vault', 'secret=secret/hello:value token=c975b780-d1be-8016-866b-01d0f9b688a5 url=http://myvault:8200')}}"

- name: Return all secrets from a path
  debug:
    msg: "{{ lookup('hashi_vault', 'secret=secret/hello token=c975b780-d1be-8016-866b-01d0f9b688a5 url=http://myvault:8200')}}"

- name: Vault that requires authentication via LDAP
  debug:
    msg: "{{ lookup('hashi_vault', 'secret=secret/hello:value auth_method=ldap mount_point=ldap username=myuser password=mypas url=http://myvault:8200')}}"

- name: Vault that requires authentication via username and password
  debug:
    msg: "{{ lookup('hashi_vault', 'secret=secret/hello:value auth_method=userpass username=myuser password=mypas url=http://myvault:8200')}}"

- name: Using an ssl vault
  debug:
    msg: "{{ lookup('hashi_vault', 'secret=secret/hola:value token=c975b780-d1be-8016-866b-01d0f9b688a5 url=https://myvault:8200 validate_certs=False')}}"

- name: using certificate auth
  debug:
    msg: "{{ lookup('hashi_vault', 'secret=secret/hi:value token=xxxx-xxx-xxx url=https://myvault:8200 validate_certs=True cacert=/cacert/path/ca.pem')}}"

- name: authenticate with a Vault app role
  debug:
    msg: "{{ lookup('hashi_vault', 'secret=secret/hello:value auth_method=approle role_id=myroleid secret_id=mysecretid url=http://myvault:8200')}}"

- name: Return all secrets from a path in a namespace
  debug:
    msg: "{{ lookup('hashi_vault', 'secret=secret/hello token=c975b780-d1be-8016-866b-01d0f9b688a5 url=http://myvault:8200 namespace=teama/admins')}}"

# When using KV v2 the PATH should include "data" between the secret engine mount and path (e.g. "secret/data/:path")
# see: https://www.vaultproject.io/api/secret/kv/kv-v2.html#read-secret-version
- name: Return latest KV v2 secret from path
  debug:
    msg: "{{ lookup('hashi_vault', 'secret=secret/data/hello token=my_vault_token url=http://myvault_url:8200') }}"
```
Parameters:

| Parameter | Default / choices | Environment variable | Description |
|---|---|---|---|
| url | default: http://127.0.0.1:8200 | VAULT_ADDR | URL of the Vault service. |
| token | | VAULT_TOKEN | Vault token. |
| secret (required) | | | The query you are making. |
| ca_cert (alias: cacert) | | | Path to the certificate to use for authentication. |
| role_id | | VAULT_ROLE_ID | Role id for a Vault AppRole auth. |
| password | | | Authentication password. |
| username | | | Authentication user name. |
| namespace | | | Namespace where the secrets reside. Requires HVAC 0.7.0+ and Vault 0.11+. |
| secret_id | | VAULT_SECRET_ID | Secret id for a Vault AppRole auth. |
| auth_method | choices: userpass, ldap, approle | VAULT_AUTH_METHOD | Authentication method to be used. C(userpass) is added in version 2.8. |
| mount_point | default: ldap | | Vault mount point; only required if you have a custom mount point. |
| validate_certs (boolean) | default: true | | Controls verification and validation of SSL certificates; normally you only want to turn this off for self-signed ones. |
Return values:

| Key | Description |
|---|---|
| _raw | secret(s) requested |
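The following Python is added here as a worked illustration and is not the community.general plugin's own code. It shows how a lookup term of the form used in the examples above ("key=value" pairs, with the secret written as "<path>" or "<path>:<field>") is parsed, how the environment-variable fallbacks from the parameter table apply when a key is omitted from the term, and how a field is picked out of a KV v1 read response versus a KV v2 one (the nested data layout that the "secret/data/:path" note refers to). The Vault responses in the block are constructed samples rather than output from a live server, no HTTP call is made, and the function names (parse_term, split_secret, extract, resolve) are this example's own.

```python
"""Worked example of hashi_vault-style lookup terms and Vault read responses.

Added illustration, NOT the community.general plugin's code. Term format,
environment fallbacks and the KV v1/v2 response shapes follow the page and
the Vault KV v2 API docs; responses below are constructed samples.
"""
import os
import shlex

# Parameter -> environment variable, as listed in the parameter table.
ENV_FALLBACKS = {
    "url": "VAULT_ADDR",
    "token": "VAULT_TOKEN",
    "role_id": "VAULT_ROLE_ID",
    "secret_id": "VAULT_SECRET_ID",
    "auth_method": "VAULT_AUTH_METHOD",
}

# Constructed sample responses (shape follows the Vault API documentation).
KV1_RESPONSE = {"data": {"value": "hello-world", "other": "x"}}
KV2_RESPONSE = {
    "data": {
        "data": {"value": "s3cr3t-v2"},
        "metadata": {"version": 3, "destroyed": False},
    }
}


def to_bool(value):
    """Interpret validate_certs the way it is written in the examples (True/False)."""
    return str(value).strip().lower() in ("1", "true", "yes", "on")


def parse_term(term, environ=None):
    """Turn 'secret=secret/hello:value token=... url=...' into a dict.

    Keys absent from the term fall back to the environment variables the page
    documents; url and validate_certs take the page's defaults. 'secret' is
    required, as in the parameter table.
    """
    environ = os.environ if environ is None else environ
    params = {}
    for item in shlex.split(term):
        key, sep, value = item.partition("=")
        if not sep or not key:
            raise ValueError("malformed lookup item (expected key=value): %r" % item)
        params[key] = value
    for key, env_name in ENV_FALLBACKS.items():
        if key not in params and env_name in environ:
            params[key] = environ[env_name]
    if "secret" not in params:
        raise ValueError("'secret' is required")
    params.setdefault("url", "http://127.0.0.1:8200")
    params["validate_certs"] = to_bool(params.get("validate_certs", "true"))
    return params


def split_secret(secret):
    """'secret/hello:value' -> ('secret/hello', 'value'); no field -> (path, None)."""
    path, sep, field = secret.partition(":")
    return path, (field if sep else None)


def is_kv2_response(response):
    """KV v2 reads nest the user data under data.data next to data.metadata."""
    body = response.get("data") or {}
    return isinstance(body.get("data"), dict) and "metadata" in body


def extract(response, field=None):
    """Return one field, or the whole secret mapping when no field was given."""
    body = response["data"]
    data = body["data"] if is_kv2_response(response) else body
    if field is None:
        return dict(data)
    if field not in data:
        raise KeyError("field %r not present in secret" % field)
    return data[field]


def resolve(term, response, environ=None):
    """End to end: parse the term, then pull the value out of a read response.

    `response` stands in for the decoded JSON a client such as hvac would
    return for params['secret']; the request itself is not performed here.
    """
    params = parse_term(term, environ)
    path, field = split_secret(params["secret"])
    # Enforce the page's KV v2 note: the path must carry "data" after the mount.
    segments = path.split("/")
    if is_kv2_response(response) and (len(segments) < 2 or segments[1] != "data"):
        raise ValueError("KV v2 path must look like '<mount>/data/<path>', got %r" % path)
    return extract(response, field)


if __name__ == "__main__":
    print(resolve("secret=secret/data/hello:value token=t url=http://myvault:8200",
                  KV2_RESPONSE, environ={}))
```

Because ENV_FALLBACKS mirrors the table, the same term works with the token omitted and VAULT_TOKEN exported in the controller's environment, which keeps the token out of the playbook text; the example rejects a KV v2 response reached through a path that lacks the "data" segment so the mismatch surfaces as an error instead of an empty lookup.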