Currently, the Infisical Ansible collection only supports read_secrets. We also need to be able to write secrets from Ansible.
Why would it be useful?
One current real-world example: When setting up bacula clients on freshly provisioned Linux servers, an individual client secret gets generated on installation that we need to store in a vault (eg, Infisical) so that the Bacula server can get configured with that client-specific secret and future playbook runs that leverage templating likewise can grok the credential from Infisical.
Additional context
We are replacing a playbook process that previously used Hashicorp Vault as we are trying to standardize on Infisical for these types of operations.
Our current workaround has been to bake the Infisical CLI into a custom Execution Environment for Ansible AWX with a custom Credential Type. It would be great to have an Ansible-native way to do this and for other Infisical Ansible users to not have to build out a similar workaround on their own.
Feature description
Currently, the Infisical Ansible collection only supports
read_secrets
. We also need to be able to write secrets from Ansible.Why would it be useful?
One current real-world example: When setting up bacula clients on freshly provisioned Linux servers, an individual client secret gets generated on installation that we need to store in a vault (eg, Infisical) so that the Bacula server can get configured with that client-specific secret and future playbook runs that leverage templating likewise can grok the credential from Infisical.
Additional context
We are replacing a playbook process that previously used Hashicorp Vault as we are trying to standardize on Infisical for these types of operations.
Our current workaround has been to bake the Infisical CLI into a custom Execution Environment for Ansible AWX with a custom Credential Type. It would be great to have an Ansible-native way to do this and for other Infisical Ansible users to not have to build out a similar workaround on their own.