Infisical / infisical

♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI
https://infisical.com

Ability to write secrets in Ansible collection #1851

Open vwbusguy opened 5 months ago

vwbusguy commented 5 months ago

Feature description

Currently, the Infisical Ansible collection only supports read_secrets. We also need to be able to write secrets from Ansible.

Why would it be useful?

One current real-world example: When setting up Bacula clients on freshly provisioned Linux servers, an individual client secret gets generated on installation that we need to store in a vault (e.g., Infisical) so that the Bacula server can get configured with that client-specific secret and future playbook runs that leverage templating likewise can grok the credential from Infisical.

Additional context

We are replacing a playbook process that previously used HashiCorp Vault as we are trying to standardize on Infisical for these types of operations.

Our current workaround has been to bake the Infisical CLI into a custom Execution Environment for Ansible AWX with a custom Credential Type. It would be great to have an Ansible-native way to do this and for other Infisical Ansible users to not have to build out a similar workaround on their own.

shabaz39 commented 2 months ago

Hi, would like to contribute to this