Local Ansible CLI Integration

When running Ansible playbooks locally via the ansible CLI, one option is to use your own Vault permissions to retrieve (or write) secrets with the community.hashi_vault collection. This method does not require a specific AppRole or policy to be set up in Vault, because you use your own SAML-based authentication and matching policy to interact with Vault.

  1. Install the following pre-requisites

    Bash Session
    pip install hvac
    ansible-galaxy collection install community.hashi_vault
    
  2. Set the following environment variables

    Bash Session
    export ANSIBLE_HASHI_VAULT_ADDR=https://hcp-vault-private-vault-fc507e0d.5d5b1f21.z1.hashicorp.cloud:8200
    export ANSIBLE_HASHI_VAULT_NAMESPACE=admin/<CESI>
    
  3. Log in to Vault (the login token will be good for 1 hour)

    Bash Session
    vault login --method=saml --namespace=admin
    
  4. Use the community.hashi_vault collection. See this example playbook.
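
The steps above combined into one playbook, as an added example that is not the playbook this page links to. It assumes the token from step 3 was stored by the default token helper in ~/.vault-token; the mount point "secret", the path "myapp/config" and the key "db_password" are placeholders.

```yaml
# Added example, not the project's own playbook.
# Placeholders: KV v2 mount "secret", path "myapp/config", key "db_password".
- name: Read a secret from Vault with the operator's own token
  hosts: localhost
  connection: local
  gather_facts: false

  tasks:
    - name: Fail early if the environment from step 2 is missing
      ansible.builtin.assert:
        that:
          - lookup('ansible.builtin.env', 'ANSIBLE_HASHI_VAULT_ADDR') | length > 0
          - lookup('ansible.builtin.env', 'ANSIBLE_HASHI_VAULT_NAMESPACE') | length > 0
        fail_msg: Export ANSIBLE_HASHI_VAULT_ADDR and ANSIBLE_HASHI_VAULT_NAMESPACE first.

    - name: Read the secret (URL and namespace are taken from the environment)
      community.hashi_vault.vault_kv2_get:
        # With no token option set, token auth falls back to ~/.vault-token.
        auth_method: token
        engine_mount_point: secret
        path: myapp/config
      register: vault_read
      # Keep the secret payload out of task output and callback logs.
      no_log: true

    - name: Keep the value in a fact without printing it
      ansible.builtin.set_fact:
        db_password: "{{ vault_read.secret.db_password }}"
      no_log: true

    - name: Show only non-sensitive metadata
      ansible.builtin.debug:
        msg: "Read version {{ vault_read.metadata.version }} of myapp/config"
```

Because the play relies on your own short-lived token, an authentication failure after about an hour usually means step 3 needs to be repeated.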