Add hashivault option as docker-compose optional container (#14161)

Co-authored-by: Sarabraj Singh <singh.sarabraj@gmail.com>

tools/docker-compose/ansible/roles/sources/tasks/main.yml

@@ -101,6 +101,10 @@
   include_tasks: ldap.yml
   when: enable_ldap | bool
 
+- name: Include Vault tasks if enabled
+  include_tasks: vault.yaml
+  when: enable_vault | bool
+
 - name: Render Docker-Compose
   template:
     src: docker-compose.yml.j2

tools/docker-compose/ansible/roles/sources/tasks/vault.yaml

@@ -0,0 +1,20 @@
+---
+- name: create vault secret file and scope into ansible-runtime
+  block:
+    - ansible.builtin.stat:
+        path: "{{ sources_dest }}/secrets/{{ item }}.yml"
+      register: vault_secret
+      loop:
+        - vault_password
+
+    - ansible.builtin.template:
+        src: "secrets.yml.j2"
+        dest: "{{ sources_dest }}/secrets/{{ item.item }}.yml"
+        mode: "0600"
+      loop: "{{ vault_secret.results }}"
+      loop_control:
+        label: "{{ item.item }}"
+
+    - include_vars: "{{ sources_dest }}/secrets/{{ item.item }}.yml"
+      loop: "{{ vault_secret.results }}"
+      no_log: true

tools/docker-compose/ansible/roles/sources/templates/docker-compose.yml.j2

@@ -233,6 +233,19 @@ services:
     privileged: true
   {% endfor %}
 {% endif %}
+{% if enable_vault|bool %}
+  vault:
+    image: hashicorp/vault:latest
+    container_name: tools_vault_1
+    hostname: vault
+    ports:
+      - "1234:1234"
+    environment:
+      VAULT_DEV_ROOT_TOKEN_ID: "{{ vault_password }}"
+      VAULT_DEV_LISTEN_ADDRESS: "0.0.0.0:1234"
+    cap_add:
+      - IPC_LOCK
+{% endif %}
 
 volumes:
   awx_db: