Closed Laikulo closed 3 years ago
Hi @ArchLayperson , thanks for submitting. This seems like a reasonable change, and should be possible for v1.2.0.
In following #10 , we'll probably also introduce an ANSIBLE_HASHI_VAULT_
-prefixed version, and INI file support, with the VAULT_CACERT
version having the lowest priority.
@ArchLayperson The changes referenced above have been released in v1.2.0.
SUMMARY
Make ca_cert default to env:VAULT_CACERT
ISSUE TYPE
COMPONENT NAME
hashi_vault lookup plugin
ADDITIONAL INFORMATION
Presently, when using hashi_vault with a non-public CA, the user must specify the CA certificate as part of the lookup parameters.
It would be nice if hashi_vault matched the vault client's behavior, and used a CA from VAULT_CACERT if available.
Currently, I am using the following workaround