Akeyless Ansible is a collection of Ansible modules and lookup plugins for interacting with Akeyless. It allows you to securely manage secrets and access them within your Ansible playbooks.
This approach involves cloning the source code repository and running the code directly.
- Clone the repository:
git clone [email protected]:akeylesslabs/akeyless-ansible.git cd akeyless-ansible
- Install the required dependencies:
pip install -r requirements.txt
This approach installs the plugin as a Python package from the Python Package Index (PyPI).
pip install akeyless-ansibleThis plugin supports the following Authentication Methods:
Create a Static Secret using Ansible Playbook:
-- name: Create Static Secret
hosts: localhost
tasks:
- name: Get temp token using api_key auth method
login:
akeyless_api_url: 'https://api.akeyless.io'
access_type: 'api_key'
access_id: '<Access ID>'
access_key: '<Access Key>'
register: auth_res
- name: create static secret item
create_static_secret:
akeyless_api_url: 'https://api.akeyless.io'
name: '/Ansible/MyStaticSecret'
value: "AnsibleSecret"
token: '{{ auth_res.data.token }}'
register: responseWhere:
-
name: the name of the Static Secret. -
value: the value of the Static Secret. -
type: The Secret type [genericorpassword]. -
format: The Secret format [text|json|key-value].
Fetch a Static Secret using Ansible Playbook:
-- name: Get secret value
hosts: localhost
tasks:
- name: Get temp token using api_key auth method
login:
akeyless_api_url: 'https://api.akeyless.io'
access_type: 'api_key'
access_id: '<Access ID>'
access_key: '<Access Key>'
register: auth_res
- name: Get item secret value by name
get_static_secret_value:
akeyless_api_url: 'https://api.akeyless.io'
names: '/Ansible/MyStaticSecret'
token: '{{ auth_res.data.token }}'
register: response
- name: Display the results
debug:
msg: "Secret Value: {{ response.data }}"Where:
-
akeyless_api_url: Gateway URL API V2 endpoint i.e.https://Your_GW_URL:8000/api/v2. -
names: The name of the secret.
For a full list of the possible actions, press this link.
The following will fetch a Dynamic Secret named Ansible/MyDynamicSecret:
- name: Get secret value
hosts: localhost
tasks:
- name: Get temp token using api_key auth method
login:
akeyless_api_url: 'https://api.akeyless.io'
access_type: 'api_key'
access_id: '<Access ID>'
access_key: '<Access Key>'
register: auth_res
- name: Get item secret value by name
get_dynamic_secret_value:
akeyless_api_url: 'https://api.akeyless.io'
name: '/Ansible/MyDynamicSecret'
token: '{{ auth_res.data.token }}'
register: response
- name: Display the results
debug:
msg: "Secret Value: {{ response.data }}"Additional parameters for this module can be found in the official Ansible Repository
The following will fetch a Rotated Secret named Ansible/MyRotatedSecret:
- name: Get secret value
hosts: localhost
tasks:
- name: Get temp token using api_key auth method
login:
akeyless_api_url: 'https://api.akeyless.io'
access_type: 'api_key'
access_id: '<Access ID>'
access_key: '<Access Key>'
register: auth_res
- name: Get item secret value by name
get_rotated_secret_value:
akeyless_api_url: 'https://api.akeyless.io'
name: '/Ansible/MyRotatedSecret'
token: '{{ auth_res.data.token }}'
register: response
- name: Display the results
debug:
msg: "Secret Value: {{ response.data }}"The following will issue and fetch an SSH Certificate:
- name: Get certificate value
hosts: localhost
tasks:
- name: Get temp token using api-key auth method
login:
akeyless_api_url: 'https://api.akeyless.io'
access_type: 'api_key'
access_id: '<Access ID>'
access_key: '<Access Key>'
register: auth_res
- name: Get SSH certificate
get_ssh_certificate:
akeyless_api_url: 'https://api.akeyless.io'
cert_issuer_name: "/Ansible/cert_issuer_name"
cert_username: "<Username>"
public_key_data: "<public_key_data>"
token: '{{ auth_res.data.token }}'
register: result
- name: Display the RSA key
debug:
msg: "{{ result.data.data }}"Where:
-
akeyless_api_url: Gateway URL API V2 endpoint i.e.https://Your_GW_URL:8000/api/v2. -
cert_issuer_name: The name of the SSH Certificate Issuer. -
cert_username: The username to sign in the SSH certificate. -
public_key_data: SSH Public Key. -
ttl: Optional, Updated certificate lifetime in seconds (must be less than the Certificate Issuer default TTL). -
legacy_signing_alg_name: Optional, Set this option to output legacy[email protected]signing algorithm name in the certificate.
The following will issue and fetch a PKI certificate:
- name: Get certificate value
hosts: localhost
tasks:
- name: Get temp token using api_key auth method
login:
akeyless_api_url: 'https://api.akeyless.io'
access_type: 'api_key'
access_id: '<Access ID>'
access_key: '<Access Key>'
register: auth_res
- name: Get PKI certificate
get_pki_certificate:
akeyless_api_url: 'https://api.akeyless.io'
cert_issuer_name: "/Ansible/pki_issuer_name"
csr_data_base64: "<csr_data_base64>"
token: '{{ auth_res.data.token }}'
register: result
- name: Display the result of the operation
debug:
msg: "{{ result }}"
- name: Display the RSA key
debug:
msg: "{{ result.data.data }}" Where:
-
akeyless_api_url: Gateway URL API V2 endpoint i.e.https://Your_GW_URL:8000/api/v2. -
cert_issuer_name: The name of the PKI Certificate Issuer. -
csr_data_base64: Certificate Signing Request contents encoded inbase64to generate the certificate with.
Additional parameters for this module can be found in the official Ansible Repository.
python -m pytestLicensed under MIT, see LICENSE