--- - name: Set vault_addr include_tasks: set_vault_addr.yml - name: Load vault keys include_vars: file: "{{ vault_file }}" - name: Get AWX admin password include_vars: file: "{{ admin_password_file }}" - name: Create a HashiCorp Vault Credential awx.awx.credential: credential_type: HashiCorp Vault Secret Lookup name: Vault Lookup Cred organization: Default controller_host: "{{ awx_host }}" controller_username: admin controller_password: "{{ admin_password }}" validate_certs: false inputs: api_version: "v1" cacert: "{{ lookup('ansible.builtin.file', '{{ vault_server_cert }}', errors='ignore') }}" default_auth_path: "cert" kubernetes_role: "" namespace: "" client_cert_public: "{{ lookup('ansible.builtin.file', '{{ vault_client_cert }}', errors='ignore') }}" client_cert_private: "{{ lookup('ansible.builtin.file', '{{ vault_client_key }}', errors='ignore') }}" token: "{{ Initial_Root_Token }}" url: "{{ vault_addr_from_container }}" register: vault_cred - name: Create a custom credential type awx.awx.credential_type: name: Vault Custom Cred Type kind: cloud controller_host: "{{ awx_host }}" controller_username: admin controller_password: "{{ admin_password }}" validate_certs: false injectors: extra_vars: the_secret_from_vault: "{{ '{{' }} password {{ '}}' }}" inputs: fields: - type: "string" id: "password" label: "Password" secret: true register: custom_vault_cred_type - name: Create a credential of the custom type for token auth awx.awx.credential: credential_type: "{{ custom_vault_cred_type.id }}" controller_host: "{{ awx_host }}" controller_username: admin controller_password: "{{ admin_password }}" validate_certs: false name: Credential From HashiCorp Vault via Token Auth inputs: {} organization: Default register: custom_credential_via_token - name: Use the Token Vault Credential For the new credential awx.awx.credential_input_source: input_field_name: password target_credential: "{{ custom_credential_via_token.id }}" source_credential: "{{ vault_cred.id }}" controller_host: "{{ awx_host }}" controller_username: admin controller_password: "{{ admin_password }}" validate_certs: false metadata: auth_path: "" secret_backend: "my_engine" secret_key: "my_key" secret_path: "/my_root/my_folder" secret_version: "" - name: Create a HashiCorp Vault Credential for UserPass awx.awx.credential: credential_type: HashiCorp Vault Secret Lookup name: Vault UserPass Lookup Cred organization: Default controller_host: "{{ awx_host }}" controller_username: admin controller_password: "{{ admin_password }}" validate_certs: false inputs: api_version: "v1" default_auth_path: "userpass" kubernetes_role: "" namespace: "" url: "{{ vault_addr_from_container }}" username: "{{ vault_userpass_username }}" password: "{{ vault_userpass_password }}" register: vault_userpass_cred - name: Create a credential from the Vault UserPass Custom Cred Type awx.awx.credential: credential_type: "{{ custom_vault_cred_type.id }}" controller_host: "{{ awx_host }}" controller_username: admin controller_password: "{{ admin_password }}" validate_certs: false name: Credential From HashiCorp Vault via UserPass Auth inputs: {} organization: Default register: custom_credential_via_userpass - name: Use the Vault UserPass Credential the new credential awx.awx.credential_input_source: input_field_name: password target_credential: "{{ custom_credential_via_userpass.id }}" source_credential: "{{ vault_userpass_cred.id }}" controller_host: "{{ awx_host }}" controller_username: admin controller_password: "{{ admin_password }}" validate_certs: false metadata: auth_path: "" secret_backend: "userpass_engine" secret_key: "my_key" secret_path: "userpass_root/userpass_secret" secret_version: ""