-
SUMMARY
https://developer.hashicorp.com/vault/tutorials/hcp-vault-secrets-get-started
I did some testing. It looks like the Ansible modules are not designed to work with hcp-vault-secrets out of the box.
ISSUE TYPE
COMPONENT NAME
community.hashi_vault.vault_login <- seems to not be able to use the OAuth endpoint https://auth.hashicorp.com/oauth/token
Replies: 8 comments 7 replies
-
Hi @xrow, I don't have access to HCP Vault to run any tests myself, and you haven't included the actual Ansible tasks you're running so it's a bit hard to tell, but my first guess would be that you're missing the namespace. HCP Vault uses namespaces, and I think the default namespace is All of the content in this collection that interacts with Vault takes a If you have some further information to go on, I can try to help from there.
-
About the namespace parameter: This is the URL to get a secret. It looks like I would need to set
export ANSIBLE_HASHI_VAULT_NAMESPACE="/secrets/2023-06-13/organizations/147d4839-53ce-41bc-910e-4a4c3cce9ec6/projects/8eda565f-d207-45f6-adb3-a8b7f08ee338"
-
HCP Vault is some API around Vault, I guess. At least the new API is documented ;-) https://developer.hashicorp.com/hcp/api-docs/vault-secrets
-
@briantist
-
OK, to let you know: for my current case I will switch back to the normal Vault for now.
-
Spent the better part of the day trying to look up secrets from HCP in Ansible...
-
maybe this helps
Support for HCP Vault Secrets is something I would consider in-scope for this collection, but because it's a completely new API, that does add a considerable amount of work for properly adding support. By contrast, adding additional Vault features in the standard Vault API is relatively lightweight since we have so much supporting code around it.
That being said, this collection is essentially a wrapper around the hvac Python package, so that is where the support should actually be added first. I also maintain that package, and much of what I said above about there being a fair bit of initial work to support it also holds true in adding the support to hvac, but that would be the way to go…
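
The difference the thread runs into, as an added example that is not code from this collection or from hvac: HCP Vault Secrets is reached with an OAuth2 client-credentials token and a REST path, not a Vault login plus namespace. The token URL and the `/secrets/2023-06-13/organizations/.../projects/...` prefix come from the thread; the API host, the `audience` value, the `/apps/<app>/open` suffix and the response shape are assumptions taken from the HCP API documentation linked above.

```python
"""Added example: HCP Vault Secrets uses OAuth2 client credentials, not a Vault token."""
import json
import urllib.parse
import urllib.request

TOKEN_URL = "https://auth.hashicorp.com/oauth/token"  # endpoint quoted in the thread
API_BASE = "https://api.cloud.hashicorp.com"          # assumption: HCP API host
API_VERSION = "2023-06-13"                            # version segment quoted in the thread


def build_token_request(client_id, client_secret):
    """OAuth2 client-credentials request; the audience value is an assumption."""
    body = json.dumps({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "audience": "https://api.hashicorp.cloud",
    }).encode()
    return urllib.request.Request(
        TOKEN_URL, data=body, method="POST",
        headers={"Content-Type": "application/json"})


def build_secrets_request(token, org_id, project_id, app_name):
    """GET request for an app's secrets; the /apps/<app>/open suffix is an assumption."""
    path = "/secrets/{}/organizations/{}/projects/{}/apps/{}/open".format(
        API_VERSION,
        *(urllib.parse.quote(p, safe="") for p in (org_id, project_id, app_name)))
    return urllib.request.Request(
        API_BASE + path, headers={"Authorization": "Bearer " + token})


def extract_secrets(payload):
    """Map secret name -> value from a response body (shape is an assumption)."""
    doc = json.loads(payload)
    return {s["name"]: s["version"]["value"] for s in doc.get("secrets", [])}


def fetch_secrets(client_id, client_secret, org_id, project_id, app_name):
    """Run both steps over the network; never log the token or secret values."""
    with urllib.request.urlopen(build_token_request(client_id, client_secret), timeout=10) as r:
        token = json.load(r)["access_token"]
    req = build_secrets_request(token, org_id, project_id, app_name)
    with urllib.request.urlopen(req, timeout=10) as r:
        return extract_secrets(r.read())
```

In an Ansible play, keep the client ID and secret in Ansible Vault or the environment and set `no_log: true` on any task that handles the returned values.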