Protecting the AWX SECRET_KEY

,

Hello All,

I’m curious how others are safeguarding the “SECRET_KEY”, either in AWX or AAP beyond the default of having it in a permissions-restricted plaintext file.

The docs mention that the file can be replaced with python code to retrieve the secret but leaves the details up to the imagination of the reader. Is anyone doing anything interesting with that?

Thanks

I’d look at Ansible Vault for smaller setups (few users) and Hashicorp Vault for any other.