提取hashicorp保险库秘密作为Ansible Playbook中的值

发布于 2025-01-24 05:06:49 字数 1072 浏览 4 评论 0原文

我正在尝试使用hashi_vault模块在Ansible playbook中从kv2 Hashicorp vault中提取特定值，

- name: Return specific value from vault
  ansible.builtin.set_fact:
    secret: "{{ lookup('hashi_vault', 'secret=my.secrets/data/dev/heslo:value token=vault-plaintext-root-token url=http://10.47.0.235:8200/')}}"   register: secret

我正在

 {"msg": ""An unhandled exception occurred while running the lookup plugin 'hashi_vault'. Error was a <class 'ansible.errors.AnsibleError'>, original message: The secret my.secrets/data/dev/heslo doesn't seem to exist for hashi_vault lookup"}

的所有秘密来获取查询作品

secret=my.secrets/data/dev/

使用“ hesslo”记录中

      "ansible_facts": {
            "secret": {
                "data": {
                    "heslo": "heslo",
                    "password": "test",
                    "username": "ahoj"
                },

。

原文

I am trying to extract specific value from kv2 hashicorp vault in ansible playbook using hashi_vault module

- name: Return specific value from vault
  ansible.builtin.set_fact:
    secret: "{{ lookup('hashi_vault', 'secret=my.secrets/data/dev/heslo:value token=vault-plaintext-root-token url=http://10.47.0.235:8200/')}}"   register: secret

I am getting

 {"msg": ""An unhandled exception occurred while running the lookup plugin 'hashi_vault'. Error was a <class 'ansible.errors.AnsibleError'>, original message: The secret my.secrets/data/dev/heslo doesn't seem to exist for hashi_vault lookup"}

Query works for all of the secrets in path using

secret=my.secrets/data/dev/

"heslo" record exists in the path

      "ansible_facts": {
            "secret": {
                "data": {
                    "heslo": "heslo",
                    "password": "test",
                    "username": "ahoj"
                },

Thank you in advance

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

岁月打碎记忆 2025-01-31 05:06:49

查找的语法是针对KV1引擎的。我们可以为KV2 Secrets引擎更新它：

- name: Return specific value from vault
  ansible.builtin.set_fact:
    secret: "{{ lookup('hashi_vault', 'secret=my.secrets/data/dev token=vault-plaintext-root-token url=http://10.47.0.235:8200/') }}"

Secret事实将是一个字典，其中包含指定秘密路径my.secrets/data/dagation/dagation/dev 。您可以使用普通语法秘密['Heslo']访问键HESLO的值。

最后，您可能还需要更新到 Ansible的Vault Collection 具有其所有较新功能。

The syntax for your lookup is for the KV1 engine. We can update it for the KV2 secrets engine:

- name: Return specific value from vault
  ansible.builtin.set_fact:
    secret: "{{ lookup('hashi_vault', 'secret=my.secrets/data/dev token=vault-plaintext-root-token url=http://10.47.0.235:8200/') }}"

The secret fact will then be a dictionary containing all of the key value pairs at the specified secrets path my.secrets/data/dev. You can access the value of the key heslo with the normal syntax secret['heslo'].

Finally, you may also want to update to the Vault collection for Ansible with all of its newer features.

回复收藏 0 原文

~没有更多了~