AWX Key-Value Secret Setup
1 Overview
- Version: awx 20.0.1
How to store key-value secrets in AWX and pass them to playbooks.
2 AWX Configuration
2.1 Credential Type
- AWX > Administration > Credential Types > Add
- Name: kv
- Input configuration: YAML
    fields:
      - id: username
        type: string
        label: Username
      - id: password
        type: string
        label: Password
        secret: true
    required:
      - username
      - password
- Injector configuration: YAML
    extra_vars:
      KV_PASSWORD: '{{ password }}'
      KV_USERNAME: '{{ username }}'
2.2 Create Test Credential
- AWX > Resources > Credentials > Add
- Name: test-kv
- Type: kv
- Username: myuser
- Password: mypass
2.3 Create Demo Playbook
Create a project backed by a GitHub repository and load it into AWX.
- AWX > Resources > Projects > Add
- Name: Bitbull Ops
- var_secret.yml
    ---
    - hosts: linux.domain.local
      tasks:
        - name: debug vars
          debug:
            msg: "key1: {{ key1 }} --- value1: {{ value1 }}"
    ...
2.4 Create Template Job
- AWX > Resources > Templates > Add > Job Template
- Name: DEBUG Variables
- Project: Bitbull Ops
- Playbook: var_secret.yml
- Credentials: "YOUR SSH CREDS" + "test-kv"
- Variables: YAML
    ---
    key1: "{{ KV_USERNAME }}"
    value1: "{{ KV_PASSWORD }}"
2.4.1 Run Playbook
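Output example. The debug task prints the injected password in clear text in the job output, so run this demo only with a throwaway credential such as test-kv: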
Enter passphrase for /runner/artifacts/228/ssh_key_data:
Identity added: /runner/artifacts/228/ssh_key_data (xxxxx)
PLAY [linux.domain.local] **************************************************
TASK [Gathering Facts] *********************************************************
ok: [linux.domain.local]
TASK [debug vars] **************************************************************
ok: [linux.domain.local] => {
"msg": "key1: myuser -- value1: mypass"
}
PLAY RECAP *********************************************************************
linux.domain.local : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
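The demo playbook is useful for confirming that the credential is injected, but it writes the secret to the job log. The following is an added example, not part of the original page, of a playbook that consumes the same injected KV_USERNAME / KV_PASSWORD variables without exposing the password. The api_url value is a hypothetical placeholder, and the uri call stands in for whatever task actually needs the secret.

```yaml
---
# Added example, not from the original page.
# KV_USERNAME / KV_PASSWORD are the extra_vars injected by the "kv" credential type.
- hosts: linux.domain.local
  gather_facts: false
  vars:
    # Hypothetical endpoint: replace with the service that needs the credential.
    api_url: "https://service.example.invalid/api/login"
  tasks:
    - name: Fail early if the kv credential is not attached to the job template
      ansible.builtin.assert:
        that:
          - KV_USERNAME is defined
          - KV_PASSWORD is defined
          - KV_PASSWORD | length > 0
        quiet: true
        # The message names the problem but never echoes the secret value.
        fail_msg: "kv credential missing: attach it to the job template"

    - name: Use the secret without writing it to the job output
      ansible.builtin.uri:
        url: "{{ api_url }}"
        method: GET
        url_username: "{{ KV_USERNAME }}"
        url_password: "{{ KV_PASSWORD }}"
        force_basic_auth: true
        status_code: 200
      register: login_result
      # Hides module arguments and results (including the password) in the log.
      no_log: true

    - name: Report only non-secret result fields
      ansible.builtin.debug:
        msg: "login as {{ KV_USERNAME }} returned HTTP {{ login_result.status }}"
```

With no_log set, a failure of the uri task is reported as censored output, so temporarily disable it only while debugging with a test credential.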