jhaals / ansible-vault

ansible lookup plugin for secrets stored in Vault (by HashiCorp)
BSD 3-Clause "New" or "Revised" License

Install instructions? #50

Closed b-long closed 7 years ago

b-long commented 7 years ago

Hi @jhaals, great plugin!

Would you mind adding some content to the README describing the install process?

jhaals commented 7 years ago

Hi, thanks!

I'll try to add some instructions in a week or two (vacation).

On Fri, 21 Jul 2017 at 21:57, Brian Long notifications@github.com wrote:

> Hi @jhaals https://github.com/jhaals , great plugin!
>
> Would you mind adding some content to the README describing the install process?


b-long commented 7 years ago

Cool, I appreciate it 😄 👍 Looking forward to it.

b-long commented 7 years ago

I just figured out one of the many installation options and wanted to propose a "hello world" solution.

1) Create an ansible.cfg file next to a given playbook (e.g. print-secret.yml):

$ cat ansible.cfg 
[defaults]
lookup_plugins = ./lookup_plugins

2) Create a folder to hold your lookup plugins:

$ mkdir lookup_plugins/

3) Clone this plugin into the directory:

$ cd lookup_plugins/
$ git clone https://github.com/jhaals/ansible-vault.git

4) Use the plugin.


Here's an example playbook:

---
- hosts: localhost
  connection: local
  gather_facts: False

  tasks:

  - name: Get a secret from Vault
    debug: msg="{{ lookup('vault', 'secret/digitalocean-api-key', 'value') }}"

Run it as normal: ansible-playbook print-secret.yml, and you'll get the following output:

 [WARNING]: Host file not found: /etc/ansible/hosts

 [WARNING]: provided hosts list is empty, only localhost is available

PLAY [localhost] ***************************************************************

TASK [Get a secret from Vault] *************************************************
ok: [localhost] => {
    "msg": "7872q4cfff396de2c1x7d052bfec4b0d4"
}

PLAY RECAP *********************************************************************
localhost                  : ok=1    changed=0    unreachable=0    failed=0   

Truthfully, my opinion is that Ansible itself doesn't explain plugin installation very well. For instance, I think such a description should be more obvious on this page: https://docs.ansible.com/ansible/latest/intro_configuration.html
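Added example, not part of the thread or of the plugin's own code: lookup plugins are Python that Ansible imports and runs on the control node, so the directory named by `lookup_plugins` in steps 1-3 above should not be writable by other local users. The sketch below reads that setting from `ansible.cfg` and reports loose permissions and symlinks; the function names and the `vault.py` stand-in file are assumptions made for the demonstration.

```python
import configparser
import os
import stat
import tempfile
from pathlib import Path


def plugin_dirs(cfg_path):
    """Directories named by lookup_plugins, resolved relative to ansible.cfg."""
    cfg = configparser.ConfigParser()
    cfg.read(cfg_path)
    raw = cfg.get("defaults", "lookup_plugins", fallback="")
    base = Path(cfg_path).resolve().parent
    return [(base / os.path.expanduser(p.strip())).resolve()
            for p in raw.split(os.pathsep) if p.strip()]


def audit(cfg_path):
    """Return (path, reason) for entries another local user could alter."""
    findings = []
    for root in plugin_dirs(cfg_path):
        if not root.is_dir():
            findings.append((str(root), "missing"))
            continue
        entries = [root]
        for dirpath, dirs, files in os.walk(root):
            entries += [Path(dirpath, name) for name in dirs + files]
        for entry in entries:
            mode = entry.lstat().st_mode
            if stat.S_ISLNK(mode):
                findings.append((str(entry), "symlink"))
            elif mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((str(entry), "group/world-writable"))
    return findings


def demo():
    """Constructed layout mirroring steps 1-3; returns findings before/after."""
    top = Path(tempfile.mkdtemp()).resolve()
    (top / "ansible.cfg").write_text("[defaults]\nlookup_plugins = ./lookup_plugins\n")
    repo = top / "lookup_plugins" / "ansible-vault"
    repo.mkdir(parents=True)
    plugin = repo / "vault.py"          # stand-in file, not the real plugin
    plugin.write_text("# placeholder\n")
    for p, mode in ((top / "lookup_plugins", 0o755), (repo, 0o755), (plugin, 0o644)):
        os.chmod(p, mode)
    clean = audit(top / "ansible.cfg")
    os.chmod(plugin, 0o666)             # simulate a loosened permission
    return clean, audit(top / "ansible.cfg")


if __name__ == "__main__":
    before, after = demo()
    print("before:", before)
    print("after: ", after)
```

Point `audit()` at the real `ansible.cfg` next to the playbook to check an existing checkout; an empty list means nothing under the plugin path is group- or world-writable or a symlink.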