Support the use of a locally running Vault Agent process to interact with Vault. This relieves the user almost entirely of the need to manage or interact with tokens. Example case:
Vault Agent is configured to perform AWS IAM authentication.
The Vault Agent has a TCP listener on 127.0.0.1:8100 (standard HashiCorp deployment examples)
Ansible using hashi_vault then just instructs hvac to connect to the local listener and authentication is transparent.
ISSUE TYPE
Feature Idea
COMPONENT NAME
community.hashi_vault, authentication methods.
ADDITIONAL INFORMATION
Related: https://github.com/ansible/ansible/issues/60728
It appears that this was suggested before, but deemed unsupported by the upstream Python hvac module, but the notes in the docs there suggest that the module is missing support for UNIX Sockets connections to the Vault Agent. This works fine when connecting to a local TCP Vault Agent listener.
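The example case above, written out as a Vault Agent configuration; this is an added illustration, not part of the original issue or of the collection's code. The upstream Vault address and the role name are placeholders, and the `cache` stanza with `use_auto_auth_token` is what lets a request that arrives without a token be forwarded with the agent's own.

```hcl
# Vault Agent configuration for the example case in this issue.
# Placeholders (not from the issue): the upstream address and the role name.

vault {
  # Upstream Vault server the agent authenticates to and proxies for.
  address = "https://vault.example.com:8200"
}

auto_auth {
  # AWS IAM authentication performed by the agent, so the Ansible side
  # never handles credentials or tokens for Vault itself.
  method "aws" {
    mount_path = "auth/aws"
    config = {
      type = "iam"
      role = "ansible-controller"
    }
  }
}

cache {
  # Requests that arrive without a token are sent upstream with the
  # auto-auth token. This is what makes authentication transparent to hvac.
  use_auto_auth_token = true
}

listener "tcp" {
  # Loopback only: the listener must not be reachable from other hosts,
  # because every request it accepts is served with the agent's token.
  address     = "127.0.0.1:8100"
  tls_disable = true

  # Optional hardening: reject requests that lack "X-Vault-Request: true".
  # Clients then have to send that header explicitly.
  # require_request_header = true
}
```

With this in place, any local process that can reach 127.0.0.1:8100 acts with the agent's identity, so the policies attached to the role should be scoped to what the playbooks actually read.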