Johannes KastlMar 28

Dear #AWX users out there (AWX as in Ansible, not AWS as in Amazon...),

does anyone have good pointers on connecting AWX and #Hashicorp #Vault / #OpenBoa **without** having to define each secret/credential again in AWX?

I have set up a basic connection according to the documentation: https://ansible.readthedocs.io/projects/awx/en/24.6.1/userguide/credential_plugins.html#ug-credentials-hashivault
And I have created a credential using that lookup and could successfully output its value in a playbook run in AWX.

But having to define a AWX credential for each secret that I need to pull from Vault/OpenBoa sounds like a lot of unnecessary duplication.
(Yes, I know you can manage AWX via Ansible. We do that already. But still, you need to define the credentials in your code somewhere for the automation to create it in AWX)

#DevOps #security #InfrastructureAsCode #Ansible

12. Secret Management System β€” Ansible AWX community documentation

Ric Harvey πŸ‡ͺπŸ‡ΊπŸŒπŸ’šDec 11, 2023
When #IBM created the fork of #HashiCorp #vault they missed the chance to call it openSesame allowing people to open it and give them all the secrets. I’m disappointed to say the least. #opensource #openboa