SSH ProxyCommand on AWX without writing SSH key in plain text to awx_task container?

In order to support SSH ProxyCommand, the awx_task container needs to have the SSH key of the jump host. I don’t know a way to make the SSH key usable with a passphrase, so I need to pass to AWX a cleartext SSH key to a secure system, which doesn’t make our Security department happy.

Is there a way to authenticate against a jump server with an SSH key that has a passphrase in AWX?

Is there a way of passing the SSH credentials of a jump host and the SSH config using environment variables? If so, then maybe it’s possible to create a custom credential within AWX, rather than setting the SSH key and SSH config via files written to the awx_task container, or am I smoking a pipe of dubious substance?

You can see this thread https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!topic/awx-project/znEbfxBXCLk with a similar question asked by me.

What we have finally implemented is to store the private keys for jump hosts in the AWX servers (we created an “ansible” user in the jump hosts, so we only need to have 1 SSH key), not in the AWX credential store.

Regards.

Hi Juan,

Thanks for the reply!

Unless I misunderstand your solution, it’s the same as mine. You store the jump host’s private key on the AWX host in the awx_task container. I’m not so happy about the solution as it requires storing the private key in clear text somewhere, even on the awx_task container.

Rod