Lost in external secrets battle please help!

Hello! I have been using AWX for over 4 years now and have seen much improvement along the way.

Something that is a bit unclear is how to utilize AWS Secrets Manager for a machine credential. That way, it pulls the password prior to runtime every time when executing a playbook. Then we are able to safely say that the password is never stored but rather is looked up every time.

To make it easier for my users I would love to create a custom credential type they can leverage for AWS Secrets similar to Vault or HashiCorp. Is this possible? I am a bit lost on how to build it from scratch.

Thank you again for your help!

Hi, it is not currently possible to do the lookups for AWS Secrets Manager. A new credential plugin would need to be written to handle this, similar to the way we do lookups for hashivault credentials.

See the hashivault implementation here: https://github.com/ansible/awx/blob/devel/awx/main/credential_plugins/hashivault.py

Feel free to open an RFE on AWX GitHub, and as always, a PR with this implementation would be welcomed and reviewed by the AWX Team.

AWX Team
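
A sketch of the plugin shape the reply above describes, added here as an example; it is not AWX's code and not from anyone in this thread. It follows the `CredentialPlugin(name, inputs, backend)` layout of the linked hashivault plugin. The local `CredentialPlugin` stand-in, the field ids, the optional `secret_key` metadata field and the `client` test hook are assumptions; the real path needs `boto3`.

```python
import json
from collections import namedtuple

# Stand-in for the CredentialPlugin namedtuple that AWX plugins import from
# awx/main/credential_plugins/plugin.py, so this sketch runs outside an AWX checkout.
CredentialPlugin = namedtuple("CredentialPlugin", ["name", "inputs", "backend"])

aws_inputs = {
    "fields": [  # stored once on the lookup credential itself
        {"id": "aws_access_key", "label": "AWS Access Key", "type": "string"},
        {"id": "aws_secret_key", "label": "AWS Secret Key", "type": "string", "secret": True},
    ],
    "metadata": [  # supplied per field that is linked to this lookup
        {"id": "region_name", "label": "AWS Region", "type": "string"},
        {"id": "secret_name", "label": "Secret Name", "type": "string"},
        {"id": "secret_key", "label": "JSON key inside the secret (optional)", "type": "string"},
    ],
    "required": ["aws_access_key", "aws_secret_key", "region_name", "secret_name"],
}

def aws_backend(client=None, **kwargs):
    """Look the secret up when called and return its value; stores nothing itself."""
    if client is None:  # real path; 'client' is a test hook added for this sketch
        import boto3
        client = boto3.client(
            "secretsmanager",
            region_name=kwargs["region_name"],
            aws_access_key_id=kwargs["aws_access_key"],
            aws_secret_access_key=kwargs["aws_secret_key"],
        )
    resp = client.get_secret_value(SecretId=kwargs["secret_name"])
    if "SecretString" not in resp:
        raise ValueError("binary secrets are not supported by this example")
    value = resp["SecretString"]
    key = kwargs.get("secret_key")
    if key:  # secret stored as a JSON object, e.g. {"username": ..., "password": ...}
        try:
            value = json.loads(value)[key]
        except (ValueError, KeyError, TypeError):
            # Name the key, never the secret contents, in an error that may be logged.
            raise ValueError(f"key {key!r} not found in secret") from None
    return value

aws_secretsmanager_plugin = CredentialPlugin(
    "AWS Secrets Manager lookup (example)", inputs=aws_inputs, backend=aws_backend
)
```
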

We have some code to test but not sure how to really apply it in our EKS cluster - do you have a way for us to test the code or could we share with someone from the AWX team?

The easiest way to test your code change is to use the Docker-based development environment. From within the awx repo you can run “make docker-compose” and it will start an AWX instance locally with your code changes.

Alternatively, you can build a k8s-compatible AWX image using the “make awx-kube-build” command. Push the resulting image to a public repository like quay.io and then tell the awx-operator to use that AWX image.

AWX Team