Keeper-Security / secrets-manager

Keeper Secrets Manager is a cloud-based, zero-knowledge platform for securing infrastructure secrets. Provides automatic password rotation and integration into popular DevOps CI/CD tools.
https://www.keepersecurity.com/secrets-manager.html
MIT License

Ansible variable 'keeper_config_file' does not work. There is no config file and the Ansible variable contain no config keys. #673

Open flybyray opened 2 weeks ago

flybyray commented 2 weeks ago

Tested with the sample playbook provided by Keeper-Security.

TASK [Generate a Keeper Record Cache secret] **********************************************************************************************************************************************************************
fatal: [es11]: FAILED! => {"msg": "Keeper Ansible error: There is no config file and the Ansible variable contain no config keys. Will not be able to connect to the Keeper server."}

ansible-inventory -i inventory/prod --host es11 | \jq -r ".keeper_config_file"

{{ (inventory_dir, '..', '..') | path_join | realpath }}/keeper-{{ inventory_dir | basename }}.ini

ansible es11 -i inventory/prod -m debug -a 'var=keeper_config_file'

es11 | SUCCESS => {
    "keeper_config_file": "~/ansible/keeper-prod.ini"
}

head ~/ansible/keeper-prod.ini

[_config]
active_profile = _default
color = True
cache = False
record_type_dir
editor
editor_use_blocking = False
editor_process_name

[_default]

flybyray commented 2 weeks ago

Not sure if this is a bug, but it is against the habits of Ansible developers. The variables keeper_ may not include Jinja2 templating. :-(

Can be closed, but I would like to see this fixed; templating is just useful to have a clean structure for different inventories.