chrisdola
commented
2 hours ago Yes, that's correct. A role-specific Credential Type is created which provides the name of the vault role required by the playbooks. Templates then refer to that credential which exposes the wrapped token as a variable to the playbook. That can be unwrapped and used with the hashi_vault lookup plugin or via the API directly.
Can this be used only for secrets within the playbook itself, providing a Vault token to https://docs.ansible.com/ansible/latest/collections/community/hashi_vault/index.html ?