ansible playbook to get values from vault
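# Image that bundles Ansible 2.4.3 with the HashiCorp Vault modules
# (ansible-modules-hashivault, hvac) so playbooks can talk to Vault.

# Pin the base release instead of tracking :latest, so a rebuild cannot silently
# move to a different Alpine release with different package names.
# NOTE(review): 3.7 is assumed to be what :latest resolved to when this file was
# last updated (April 2018); the python/py-pip names below are Python 2 era
# packages. Confirm the release, and pin by digest for a reproducible build.
ARG ALPINE_VERSION=3.7
FROM alpine:${ALPINE_VERSION}

# --no-cache fetches a fresh index and leaves nothing in /var/cache/apk, which
# replaces the former "--update ... && rm -rf /var/cache/apk/*" pair.
# build-base, python-dev and openssl-dev are only needed to compile Python
# extensions; they stay in the final image here, which widens its tool surface.
RUN apk add --no-cache \
        build-base \
        curl \
        openssl-dev \
        py-cffi \
        py-pip \
        python \
        python-dev

# Only ansible is version-pinned. The other packages (including the ones that
# handle the Vault token) float to whatever the index serves at build time.
# NOTE(review): move these to a requirements file with exact versions and
# install it with `pip install --require-hashes -r requirements.txt`.
RUN pip install --no-cache-dir -U pip setuptools && \
    pip install --no-cache-dir \
        ansible==2.4.3 \
        requests \
        termcolor \
        packaging \
        ansible-modules-hashivault \
        hvac

# COPY is enough for a plain local file; ADD's archive/URL handling is not needed.
COPY ansible.cfg /etc/ansible/ansible.cfg

ENV ANSIBLE_LOCAL_TEMP=/tmp \
    ANSIBLE_FORCE_COLOR=true \
    PYTHONUNBUFFERED=1

# NOTE(review): no USER is set, so playbooks run as root inside the container.
# A non-root user needs a writable home outside /home, because the documented
# `docker run` bind-mounts the playbook directory over /home.

# Exec form: the process runs directly instead of under `/bin/sh -c`.
CMD ["ansible", "--version"]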
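# Build the Docker image from the directory holding the Dockerfile and
# ansible.cfg. The tag must match the image name used by `docker run` below.
docker build -t ansible:local .

# Set the Vault environment details as per your setup.
# Fill these in from an interactive shell only: do not commit the token, and
# prefer a short-lived token scoped to the paths the playbook touches.
export VAULT_ADDR=
export VAULT_TOKEN=

# Run the playbook through the dockerised ansible command.
# `-e NAME` with no value forwards the variable from the calling environment,
# so the token value never appears on the docker command line (process list).
# It is still visible inside the container and in `docker inspect` while the
# container exists; --rm removes the container when the run finishes.
docker run --rm \
    -e VAULT_TOKEN \
    -e VAULT_ADDR \
    -v /home/vdo023/dev/ans_vault_access:/home \
    ansible:local \
    ansible-playbook -i "localhost," /home/playbook-access_vault_key.yml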
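---
# Demo playbook: check Vault status, write a sample secret, read it back, and
# set a fact from a Vault lookup. Runs against localhost over a local
# connection; VAULT_ADDR and VAULT_TOKEN are read from the environment.
- hosts: localhost
  connection: local
  gather_facts: no
  tasks:
    # NOTE(review): the token is passed as a module argument here. Whether the
    # module masks it in verbose (-vvv) output is not visible from this file.
    - name: get vault status from vault value
      hashivault_status:
        url: "{{ lookup('env', 'VAULT_ADDR') }}"
        token: "{{ lookup('env', 'VAULT_TOKEN') }}"
        authtype: token
      register: 'verify'

    # The username/password below are sample values kept from the original
    # demo. Real credentials should not live in playbook source; supply them
    # from Ansible Vault or the environment instead.
    # no_log keeps the secret data out of task output and logs.
    - name: Write a vault entry
      hashivault_write:
        secret: '/infrastructure/creds/viresh'
        data:
          username: 'viresh'
          password: 'secret_dont_show'
      no_log: true

    # no_log keeps the returned password out of task output and logs.
    - name: read from vault
      hashivault_read:
        secret: '/infrastructure/creds/viresh'
        key: 'password'
      no_log: true

    - name: set the username from a value from vault lookup module
      set_fact:
        username: "{{lookup('hashivault', '/infrastructure/creds/viresh', 'username')}}"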