AWX on Docker minikube / Ansible-Vault question

Complete “Noob” warning:

I’ve got my AWX running on a VMWare server in our test env. Installed and deployed with a docker/minikube instance. I’m running test playbooks from inside of AWX, and learning as I go. My noob question (and I have been poking around this “Get Help” section) is:
When I try to use Ansible command line from either the VM where all of my playbooks reside, or even after I ssh into the minikube guest VM, as the root user, or as the docker user… I don’t seem to be able to use any Ansible command line at all. I specifically would like to test out using Ansible-Vault to see how encrypting SSH keys with Ansible-Vault might go with some of my playbooks. So that’s my question should I install Ansible on the VM or inside the minikube container? Only asking because those ssh keys that (currently) live on the AWX controller server remain unencrypted. I could put a passphrase on them I suppose (and on some I have) but I am wondering about how to run Ansible-Commands on either the vm or the container VM, (if possible/advisable)?
Thank you much!

P.S. Also wondering …since passphrases, and ssh keys are already encrypted in AWX, if I still need to vault them on the server? Again it’s a testing environment, so not a huge deal at the moment but in a Prod env. We might need some other solutions. Thank you in advance!

I just wrote something about using ansible vault in AWX. It’s just a short rambling but hopefully it helps GitHub - TheRealHaoLiu/demo-awx-vaulted-vars: How to use vaulted vars in AWX - a not very good guide

In AWX ansible playbooks are executed via “execution environment” awx will prepare everything that’s need to run the playbook than pipe it into a job pod using the execution environment and that runs the playbook

You dont need to vault the ssh keys or any other credentials because they are access controlled within awx but if u want to add another layer of security vault is good option

Also like the example in the thing I linked earlier. if you some vars in your inventory source to be encrypted vault would be the right tool

1 Like

Awesome!! I’ll take a look at your GitHub post! Thank you!!