hashivault_approle_role_secret – Hashicorp Vault approle role secret id manager

New in version 4.0.0.

Synopsis

• Create, update and delete approle secrets.

Requirements

The below requirements are needed on the host that executes this module.

• hvac>=0.10.1

• ansible>=2.0.0

• requests

Parameters

Parameter	Choices/Defaults	Comments
authtype -	Choices: token userpass github ldap approle Default: "token or environment variable `VAULT_AUTHTYPE`"	authentication type
aws_header -	Default: "to environment variable `VAULT_AWS_HEADER`"	X-Vault-AWS-IAM-Server-ID Header value to prevent replay attacks.
ca_cert -	Default: "to environment variable `VAULT_CACERT`"	Path to a PEM-encoded CA cert file to use to verify the Vault server TLS certificate
ca_path -	Default: "to environment variable `VAULT_CAPATH`"	Path to a directory of PEM-encoded CA cert files to verify the Vault server TLS certificate. If ca_cert is specified, its value will take precedence
cidr_list -		Comma-separated string or list of CIDR blocks.
client_cert -	Default: "to environment variable `VAULT_CLIENT_CERT`"	Path to a PEM-encoded client certificate for TLS authentication to the Vault server
client_key -	Default: "to environment variable `VAULT_CLIENT_KEY`"	Path to an unencrypted PEM-encoded private key matching the client certificate
login_mount_point -	Default: "value of authtype or environment varialbe `VAULT_LOGIN_MOUNT_POINT`"	authentication mount point
metadata -		Metadata to be tied to the secret.
mount_point -	Default: "approle"	mount point for role
name -		secret name.
namespace -	Default: "to environment variable VAULT_NAMESPACE"	namespace for vault
password -	Default: "to environment variable `VAULT_PASSWORD`"	password to login to vault.
secret -		Secret id to be added or deleted. (was secret_id)
state -	Default: "present"	present or absent
token -	Default: "to environment variable `VAULT_TOKEN`"	token for vault
url -	Default: "to environment variable `VAULT_ADDR`"	url for vault
username -	Default: "to environment variable `VAULT_USER`"	username to login to vault.
verify -	Default: "to environment variable `VAULT_SKIP_VERIFY`"	If set, do not verify presented TLS certificate before communicating with Vault server. Setting this variable is not recommended except during testing
wrap_ttl -		Wrap TTL.

Examples

---
- hosts: localhost
  tasks:
    - hashivault_approle_role_secret:
        name: ashley
        state: present
      register: vault_approle_role_secret_create
    - debug: msg="Role secret id is {{vault_approle_role_secret_create.id}}"

- hosts: localhost
  tasks:
    - hashivault_approle_role_secret:
        name: robert
        state: present
        secret: '{{ lookup("password", "/dev/null length=32 chars=ascii_letters,digits") }}'
      register: vault_approle_role_custom_secret_create
    - debug: msg="Role custom secret id is {{vault_approle_role_custom_secret_create.id}}"

Status

• This module is guaranteed to have backward compatible interface changes going forward. [stableinterface]

• This module is maintained by the Ansible Community. [community]

Authors

• UNKNOWN

Hint

If you notice any issues in this documentation, you can edit this document to improve it.