Ansible / AAP
There are two main ways to use Vault with AAP. Refer to the following table for a comparison of the two AAP credential types. In general, the HashiCorp Vault Secret Lookup credential type is used to look up machine and source control credentials in AAP, whereas the UMN HCP Vault credential type is used alongside community.hashi_vault to read and write secrets within the Ansible code itself.
| | HashiCorp Vault Secret Lookup | UMN HCP Vault |
|---|---|---|
| | Utilized to look up Vault secrets to be utilized by AAP Credentials | Utilized by community.hashi_vault Ansible module to retrieve secrets in the Ansible playbook |
| Works with AAP | | |
| Works with Ansible (CLI) | | |
| Read secrets | | |
| Write secrets | | |
| Utilize secrets for AAP credentials | | |
| Use approle for auth | | |
If you would like to run Ansible locally with your user's permissions, follow this article.
If you would like to run Ansible from AAP with an approle, follow this article.
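
The playbook below is an added example, not taken from this page or its linked articles. It shows the read/write pattern described above: community.hashi_vault with approle auth inside the Ansible code. The Vault URL, namespace, KV mount, secret paths and the VAULT_ROLE_ID / VAULT_SECRET_ID environment variable names are placeholders or assumptions; how the UMN HCP Vault credential type actually supplies these values is not stated here.

```yaml
# Added example. All values marked "placeholder" or "assumed" are constructed.
- name: Read and write a Vault KV v2 secret with approle auth
  hosts: localhost
  gather_facts: false
  vars:
    vault_url: "https://vault.example.edu:8200"   # placeholder
    vault_namespace: "admin/example-team"         # placeholder
    kv_mount: "secret"                            # placeholder KV v2 mount
    # Assumed env var names; keep approle credentials out of the repository.
    approle_role_id: "{{ lookup('ansible.builtin.env', 'VAULT_ROLE_ID') }}"
    approle_secret_id: "{{ lookup('ansible.builtin.env', 'VAULT_SECRET_ID') }}"
  tasks:
    - name: Read an existing secret
      community.hashi_vault.vault_kv2_get:
        url: "{{ vault_url }}"
        namespace: "{{ vault_namespace }}"
        auth_method: approle
        role_id: "{{ approle_role_id }}"
        secret_id: "{{ approle_secret_id }}"
        engine_mount_point: "{{ kv_mount }}"
        path: "example-app/db"                    # placeholder path
      register: db_secret
      no_log: true                                # keep secret values out of job output

    - name: Show only the key names that were returned, never the values
      ansible.builtin.debug:
        msg: "{{ db_secret.secret.keys() | list }}"

    - name: Generate a new random token without storing it on disk
      ansible.builtin.set_fact:
        new_token: "{{ lookup('ansible.builtin.password', '/dev/null', length=32, chars=['ascii_letters', 'digits']) }}"
      no_log: true

    - name: Write the new token back to Vault
      community.hashi_vault.vault_kv2_write:
        url: "{{ vault_url }}"
        namespace: "{{ vault_namespace }}"
        auth_method: approle
        role_id: "{{ approle_role_id }}"
        secret_id: "{{ approle_secret_id }}"
        engine_mount_point: "{{ kv_mount }}"
        path: "example-app/rotated"               # placeholder path
        data:
          api_token: "{{ new_token }}"
      no_log: true
```

The approle's Vault policy has to grant read on the first path and create/update on the second; the modules run on the Python interpreter of the play's target (here localhost) and need the `hvac` library installed there.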