Closed yungezz closed 4 years ago
This sounds like something that should probably be a lookup plugin.
And it should probably be more generic. There's also HashiCorp Vault and others.
+1 for this
+1 here as well - is this in the works?
+1
This proposal and PR were rejected since they changed Ansible core, while the implementation PR could still be used as a reference: https://github.com/ansible/ansible/pull/42290. Meanwhile, we added a lookup plugin in our role: https://github.com/Azure/azure_preview_modules/blob/master/lookup_plugins/azure_keyvault_secret.py.
Proposal:
Author: @yungezz
Date: 2018-08-01
Motivation
Secrets used in Ansible playbooks, such as SSH keys, are saved in environment variables or files on a specific Ansible control machine. This causes setup/management effort when switching to new control machines. When secrets are updated, all copies will need to be updated.
Problems
Solution proposal
Dependencies
~/.azure/credentials. If the proposed auth plugin or cloud credential turns out to be agreed, then authentication could leverage cloud credential.
More info
We have a PR here on implementation, and below is an example of how to use it: