Comments (8)
@drewmullen pounding on the keyboard too hard, I didn't realize I had created an issue with no detail;)
from ansible-modules-hashivault.
what's the problem?
from ansible-modules-hashivault.
kv 2 requires you start using either data/ or metadata/ right after your secret engine. you can find the hashi docs: https://www.vaultproject.io/docs/secrets/kv/kv-v2.html#acl-rules
i had some issues with using this custom plugin too but we found some workarounds. try tinkering with these as examples and lmk what you find: #62
first thing i recommend you try is secret/data/certifications
from ansible-modules-hashivault.
Indeed, and that works in some cases, i.e. setting a variable can be done like this:
{{ lookup('hashivault', '/secret/data/certificates/cert1.domain.com', 'data')[\"crt\"] }} // this would fetch the `crt` key's value
The above syntax does not work in jinja templates......
It also looks like hashivault_read and hashivault_list do not work in this situation at all.......
If you've had success, I'd love to hear more about said workarounds. I'm willwh on Freenode IRC if you are there too and want to chat.....
from ansible-modules-hashivault.
i.e. the following doesn't produce a list:
tasks:
  - hashivault_list:
      secret: 'secret/data/certificates'
    register: cert_list
    delegate_to: localhost
  - debug:
      var: cert_list
Which based on my provided vault CLI command at the top, I'd expect the module to be able to handle this too.
from ansible-modules-hashivault.
I'm just using syntax like this in my jinja templates:
{{ lookup('hashivault', '/secret/data/certificates/STAR.domain.com', 'data')["key"] }}
I don't have time to debug the hashivault_list issue currently, maybe I can get back to that in a week.
from ansible-modules-hashivault.
For true compatibility, sounds like this module needs to use https://hvac.readthedocs.io/en/latest/usage/secrets_engines/kv_v2.html
from ansible-modules-hashivault.
Closing as dup #68
from ansible-modules-hashivault.
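The thread turns on KV v2 needing `data/` or `metadata/` after the mount. The following is an added example, not code from this thread or from ansible-modules-hashivault: it maps a logical secret path to the KV v2 API path for each operation and renders a least-privilege policy, using the prefixes and capabilities from the Vault KV v2 ACL rules page linked above. The function names and the operation labels are assumptions made for illustration.

```python
# Added example: KV v2 API path and ACL mapping (names here are hypothetical).
# Prefixes/capabilities follow the Vault KV v2 "ACL Rules" documentation.
KV2_OPERATIONS = {
    # operation label: (API path prefix, ACL capability)
    "read": ("data", "read"),
    "create": ("data", "create"),
    "update": ("data", "update"),
    "delete_latest": ("data", "delete"),
    "list": ("metadata", "list"),          # listing is served from metadata/, not data/
    "read_metadata": ("metadata", "read"),
    "delete_all": ("metadata", "delete"),  # removes every version plus metadata
    "delete_version": ("delete", "update"),
    "undelete": ("undelete", "update"),
    "destroy": ("destroy", "update"),
}


def kv2_api_path(mount, secret_path, operation):
    """Return the API path for an operation on a logical KV v2 secret path."""
    prefix, _ = KV2_OPERATIONS[operation]
    parts = [mount.strip("/"), prefix, secret_path.strip("/")]
    return "/".join(p for p in parts if p)


def kv2_policy(mount, secret_path, operations):
    """Render an HCL policy granting only what the given operations need."""
    grants = {}
    for op in operations:
        _, capability = KV2_OPERATIONS[op]
        path = kv2_api_path(mount, secret_path, op)
        grants.setdefault(path, set()).add(capability)
    stanzas = []
    for path in sorted(grants):
        caps = ", ".join('"%s"' % c for c in sorted(grants[path]))
        stanzas.append('path "%s" {\n  capabilities = [%s]\n}' % (path, caps))
    return "\n\n".join(stanzas)


if __name__ == "__main__":
    # Logical paths taken from the thread: read one certificate, list the folder.
    print(kv2_api_path("secret", "certificates/cert1.domain.com", "read"))
    print(kv2_api_path("secret", "certificates", "list"))
    print(kv2_policy("secret", "certificates/*", ["read", "list"]))
```

A token that only holds the `data/` stanza can read a known certificate but cannot enumerate the folder, so read and list access have to be granted separately.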