ITSA

Storing Ansible Vault password in AWS secret manager and using it when required

I want to store the Ansible Vault password in AWS Secrets Manager and then use the CLI to decrypt the contents of the vault by referencing the password stored in AWS Secrets Manager when required. How can I do that?

I have stored the password as a secret in AWS Secrets Manager, but I don't know how to give a reference to the secret using the CLI.

I thought using ansible-vault view --vault-password-file="path" would work, but I don't know how to give access to that path and also keep the password secure.

Answers (1)

larsks

If the file pointed to by the vault_password_file option is executable, then Ansible will run that file to retrieve the password. That means you can put this in your ansible.cfg:

[defaults]
vault_password_file = ./get-vault-password.sh

And this in get-vault-password.sh:

#!/bin/sh

exec aws secretsmanager get-secret-value \
  --secret-id your-vault-secret \
  --query SecretString \
  --output text

Make the file executable (chmod +x get-vault-password.sh), and as long as you have appropriate AWS credentials loaded in your environment, Ansible will use that script to retrieve the vault password.

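A fuller version of the password script described in the answer above, added here as an example and not part of larsks's answer. It keeps the same mechanism (an executable vault_password_file that prints the password on stdout) and adds the checks a practitioner usually needs: secrets created in the Secrets Manager console as key/value pairs are stored as a JSON object, so `--query SecretString` returns the whole object rather than the bare password; the script detects that case and extracts one key, and it exits non-zero with a message on stderr instead of handing Ansible an empty password when the lookup fails. The secret name `your-vault-secret`, the JSON key `vault_password` and the environment variables `VAULT_SECRET_ID` and `VAULT_SECRET_KEY` are assumptions for this example; the `aws` CLI and its credentials are expected to be available when the script is run for real.

```shell
#!/bin/sh
# get-vault-password.sh: Ansible Vault password client backed by AWS Secrets Manager.
# Added example, not code from the original answer. Assumes the `aws` CLI (v2) with
# valid credentials, and a secret (hypothetical name "your-vault-secret") holding either
# the bare password or a JSON object such as {"vault_password": "..."}.
set -eu   # fail fast: never let Ansible continue with an empty or partial password

SECRET_ID="${VAULT_SECRET_ID:-your-vault-secret}"   # hypothetical secret name
JSON_KEY="${VAULT_SECRET_KEY:-vault_password}"      # key to read when the secret is JSON

# extract_vault_password SECRET_STRING
# Prints the password on stdout. If SECRET_STRING is a JSON object (what the console
# produces for key/value secrets), pull out $JSON_KEY; otherwise the value is the
# password itself. Empty input is treated as an error, not as an empty password.
extract_vault_password() {
  _s=$1
  case "$_s" in
    "")
      echo "get-vault-password: secret value is empty" >&2
      return 1
      ;;
    \{*)
      # Minimal JSON handling: a "key": "value" pair whose value has no escaped quotes.
      # Use jq here if it is available on the control node.
      _v=$(printf '%s' "$_s" | sed -n "s/.*\"$JSON_KEY\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p")
      if [ -z "$_v" ]; then
        echo "get-vault-password: key '$JSON_KEY' not found in secret" >&2
        return 1
      fi
      printf '%s\n' "$_v"
      ;;
    *)
      printf '%s\n' "$_s"
      ;;
  esac
}

# fetch_secret_string SECRET_ID: prints the raw SecretString, or fails.
fetch_secret_string() {
  aws secretsmanager get-secret-value \
    --secret-id "$1" \
    --query SecretString \
    --output text
}

main() {
  # Nothing but the password may reach stdout: Ansible reads all of it as the password.
  _raw=$(fetch_secret_string "$SECRET_ID") || {
    echo "get-vault-password: could not read secret '$SECRET_ID' from Secrets Manager" >&2
    exit 1
  }
  extract_vault_password "$_raw"
}

# Run only when invoked as the script (which is how Ansible calls it); when the file is
# sourced, e.g. for testing, the functions are defined but no AWS call is made.
case "$0" in *get-vault-password*) main ;; esac
```

Install it next to ansible.cfg as `get-vault-password.sh`, `chmod 700` it so only the invoking user can read or run it, and give the credentials Ansible runs under an IAM policy that allows `secretsmanager:GetSecretValue` on that one secret's ARN only. Keep `set -x` and any debugging output out of the script: whatever appears on stdout becomes the vault password, and whatever appears on stderr ends up in the console and possibly in CI logs.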