shan

Reputation: 115

How do you set key/value secret in AWS secrets manager using Ansible?

The following code does not set the key/value pair for secrets. It only creates a string. But I want to create key/value and the documentation does not even mention it....

- hosts: localhost
  connection: local
  gather_facts: no
  tasks:
    - name: Add string to AWS Secrets Manager
      aws_secret:
        name: 'testvar'
        state: present
        secret_type: 'string'
        secret: "i love devops"
      register: secret_facts
    - debug:
        var: secret_facts

Upvotes: 0

Views: 4065

Answers (3)

Haazeel

Reputation: 1

I hope you find a solution for your problem, but I found in the docs the argument json_secret, to use in place of secret_type: and secret:

Something like this; Secrets Manager can convert between k/v and string afterwards:

- name: Add key/value secret to AWS Secrets Manager
  aws_secret:
    name: 'testvar'
    state: present
    json_secret:
      url: "{{ private_link }}"
      port: "{{ access }}"
      username: "{{ item.item.user }}"
      password: "{{ item.item.password }}"
      database: "{{ database }}"

Upvotes: 0

Greg

Reputation: 166

While the answer here is not "wrong", it will not work if you need to use variables to build your secrets. The reason is when the string gets handed off to Jinja2 to handle the variables there is some variable juggling that goes on which ends in the double quotes being replaced by single quotes no matter what you do!

So the example above done with variables:

secret: "{\"username\":\"{{ myusername }}\",\"password\":\"{{ mypassword }}\"}"

Ends up as:

{'username:'bob','password':'abc123xyz456'}

And of course AWS fails to parse it. The solution is ridiculously simple and I found it here: https://stackoverflow.com/a/32014283/896690

If you put a space or a new line at the start of the string then it's fine!

secret: " {\"username\":\"{{ myusername }}\",\"password\":\"{{ mypassword }}\"}"

Upvotes: 2
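The quoting problem Greg describes, and the json_secret route from the answer above it, modelled in Python as an added example (this is not code from any of the answers or from Ansible itself; the conversion heuristic below is a deliberately simplified assumption about what Ansible's templating does to a rendered string, and the sample template and variables are constructed):

```python
import ast
import json

# Constructed sample inputs (not from the original post): a templated secret
# string, the variables that fill it, and the same data as a mapping.
SECRET_TEMPLATE = '{"username":"{{ myusername }}","password":"{{ mypassword }}"}'
SAMPLE_VARS = {"myusername": "bob", "mypassword": "abc123xyz456"}
SAMPLE_MAPPING = {"username": "bob", "password": "abc123xyz456"}


def render_placeholders(template: str, variables: dict) -> str:
    """Substitute {{ name }} placeholders. A stand-in for Jinja2 rendering,
    enough to show what happens to the string around the variables."""
    rendered = template
    for name, value in variables.items():
        rendered = rendered.replace("{{ %s }}" % name, value)
    return rendered


def convert_like_ansible(rendered: str):
    """Simplified model (assumption, not Ansible's code) of the post-templating
    type conversion: a rendered string that starts with '{' or '[' is evaluated
    into a native dict/list. A JSON object literal is also a valid Python
    literal, so it silently becomes a dict. A leading space defeats the check."""
    if rendered.startswith(("{", "[")):
        try:
            return ast.literal_eval(rendered)
        except (ValueError, SyntaxError):
            return rendered  # not a Python literal: left as a string
    return rendered


def as_module_string(value) -> str:
    """The module's 'secret' option is a string, so a dict reaching it is
    stringified. str(dict) is a Python repr with single quotes, not JSON."""
    return value if isinstance(value, str) else str(value)


def secret_string_from_template(template: str, variables: dict) -> str:
    """End-to-end: what the module would receive for a templated 'secret:'."""
    return as_module_string(convert_like_ansible(render_placeholders(template, variables)))


def secret_string_from_mapping(mapping: dict) -> str:
    """The json_secret route: pass a mapping and serialize it with json.dumps,
    so no JSON-looking string ever passes through the conversion heuristic."""
    return json.dumps(mapping)


def is_valid_json_object(text: str) -> bool:
    """Pre-flight check before calling the module: would Secrets Manager
    receive a parseable JSON object?"""
    try:
        return isinstance(json.loads(text), dict)
    except json.JSONDecodeError:
        return False


if __name__ == "__main__":
    cases = [
        ("plain template", secret_string_from_template(SECRET_TEMPLATE, SAMPLE_VARS)),
        ("leading space", secret_string_from_template(" " + SECRET_TEMPLATE, SAMPLE_VARS)),
        ("json_secret mapping", secret_string_from_mapping(SAMPLE_MAPPING)),
    ]
    for label, text in cases:
        print(f"{label:20s} valid JSON={is_valid_json_object(text)!s:5s} {text}")
```

Running it shows the plain template collapsing to a single-quoted Python repr that Secrets Manager cannot parse, the leading-space variant surviving as JSON, and the mapping route producing JSON without relying on a whitespace trick. The same pre-flight idea carries over to a playbook: validate that the composed string parses as JSON before the aws_secret task runs, rather than discovering the failure from the API error.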

Chris Williams

Reputation: 35146

If this matches anything like the Secrets Manager CLI, then to set key/value pairs you should expect to create a key/value pair like the below:

- hosts: localhost
  connection: local
  gather_facts: no
  tasks:
    - name: Add string to AWS Secrets Manager
      aws_secret:
        name: 'testvar'
        state: present
        secret_type: 'string'
        secret: "{\"username\":\"bob\",\"password\":\"abc123xyz456\"}"
      register: secret_facts
    - debug:
        var: secret_facts

Upvotes: 2
