Hey guys,
After researching more and reading some documentation I found a simpler way to use an Ansible playbook to obtain the secret:
- name: GET SECRET FROM ANSIBLE
  hosts: localhost
  gather_facts: no
  tasks:
    - name: Return all secrets from a path
      debug:
        msg: "{{ lookup('hashi_vault', 'secret=network/data/devnet token=hvs.dTyHIkHAhsuh9087HhYoPkO09 url=https://10.10.10.1:8200') }}"
Note: to bypass the certificate verification, just add: validate_certs=no after the url, staying in this format:
        msg: "{{ lookup('hashi_vault', 'secret=network/data/devnet token=hvs.RFtmJhr5V9UlmmesEcl5aPo3 url=https://172.16.91.1:8200 validate_certs=no') }}"
The TLS error was resolved only by generating a self-signed certificate and indicating its CA to the vault.
About port 8201: it was an error in my configuration.
I believe that for my testing environment this playbook is enough, but for a production environment it doesn't seem right to have the token shown in the playbook. Is there a suggestion on how to "hide" this token safely while still letting the playbook use it?
Thank you very much guys!
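One way to keep the token out of the playbook, as an added example that is not part of the original post: the playbook reads VAULT_ADDR and VAULT_TOKEN from the controller's environment at run time, fails early if they are missing, pins the self-signed CA instead of disabling verification, and marks the task no_log so the returned secret is not printed. The CA path /etc/ssl/certs/vault-ca.pem and the environment variable names are assumptions; the secret path and lookup plugin are the ones from the post.

```yaml
# Added example: token supplied out of band, not written in the playbook.
# Assumes the operator exports VAULT_ADDR and VAULT_TOKEN before running:
#   export VAULT_ADDR=https://10.10.10.1:8200
#   export VAULT_TOKEN=$(cat ~/.vault-token)   # or read -s VAULT_TOKEN
#   ansible-playbook get_secret.yml
- name: GET SECRET FROM ANSIBLE (token from environment)
  hosts: localhost
  gather_facts: no
  vars:
    # Pulled from the environment of the machine running ansible-playbook;
    # nothing sensitive is stored in this file or in version control.
    vault_addr: "{{ lookup('env', 'VAULT_ADDR') }}"
    vault_token: "{{ lookup('env', 'VAULT_TOKEN') }}"
    # Assumed path of the self-signed CA that signed the Vault server certificate.
    vault_ca_cert: /etc/ssl/certs/vault-ca.pem
  tasks:
    - name: Fail early if the Vault address or token was not provided
      assert:
        that:
          - vault_addr | length > 0
          - vault_token | length > 0
        fail_msg: "Export VAULT_ADDR and VAULT_TOKEN before running this playbook"

    - name: Return all secrets from a path
      set_fact:
        # ca_cert keeps certificate verification on; validate_certs=no is not needed
        # once the CA that issued the server certificate is trusted here.
        devnet_secret: "{{ lookup('community.hashi_vault.hashi_vault',
                                  'secret=network/data/devnet',
                                  url=vault_addr,
                                  token=vault_token,
                                  ca_cert=vault_ca_cert) }}"
      # Keep the secret value out of the console output and logs.
      no_log: true

    - name: Show which keys were returned (values stay hidden)
      debug:
        msg: "Fetched keys: {{ devnet_secret.keys() | list }}"
```

The community.hashi_vault lookup also reads VAULT_ADDR and VAULT_TOKEN (and ANSIBLE_HASHI_VAULT_ADDR / ANSIBLE_HASHI_VAULT_TOKEN) itself when url and token are omitted, so the explicit env lookups above are there mainly so the assert can give a clear error before the first Vault call. If the token has to live in a file on the controller, an ansible-vault-encrypted vars file passed with --vault-password-file is the usual alternative to environment variables.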