Loop problem

Hi,

I am using Ansible along with HashiCorp’s Vault to store sensitive data.
I will be sending a Secret_ID to each server weekly, in order for them to get a token. With this token, they can access the contents of the Vault.
The problem is that we must send a secret ID per host, and they can only be generated on the server where Ansible is installed.
So here is my current Ansible Playbook file:

I’ve tried with another file, like this, without success:

Do you mean that you need to create a unique secret for each server with the command
vault write -f auth/approle/role/my_role/secret-id -format=json | jq '.data.secret_id' ?

Or create one secret that gets sent to all the servers?

Currently, as the script is displayed, it creates 1 and sends it to all of the servers.
But the requirements are to give each one its own secret_id, so if I have 3 servers, I need to create 3 different secret_id and send them!

Then you need to run both tasks for all the hosts, and with delegate_to you can run the task on localhost, but the variable will be registered on the remote host.

Didn’t know about that function! Thank you so much.
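
The delegate_to approach suggested above, sketched as a playbook. This is an added example, not the poster's playbook: the inventory group `app_servers` and the destination path `secret_id_dest` are assumptions, and the `vault` CLI on the control node is assumed to be already authenticated (VAULT_ADDR and a token in its environment).

```yaml
---
- name: Issue one AppRole secret_id per host and deliver it
  hosts: app_servers                       # assumed inventory group
  gather_facts: false
  vars:
    vault_role: my_role                    # role name used in the thread
    secret_id_dest: /etc/vault/secret_id   # hypothetical destination path
  tasks:
    # No run_once here: the task executes once for every host in the play,
    # but delegate_to makes each execution happen on the control node.
    # The registered result is stored against the inventory host it was
    # run for, so every host ends up with its own secret_id.
    - name: Generate a secret_id on the control node for this host
      ansible.builtin.command:
        argv:
          - vault
          - write
          - "-f"
          - "-format=json"
          - "auth/approle/role/{{ vault_role }}/secret-id"
      delegate_to: localhost
      register: secret_id_raw
      changed_when: true                   # a new secret_id is always issued
      no_log: true                         # keep the secret out of task output

    # Runs on the remote host and reads that host's own registered variable.
    - name: Write this host's secret_id to the target
      ansible.builtin.copy:
        content: "{{ (secret_id_raw.stdout | from_json).data.secret_id }}"
        dest: "{{ secret_id_dest }}"
        owner: root
        group: root
        mode: "0600"                       # readable by root only
      become: true
      no_log: true
```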