Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SET-651] Adds support to read secrets from HashiCorp Vault #232

Merged
merged 3 commits into from
Jan 18, 2024
Merged

[SET-651] Adds support to read secrets from HashiCorp Vault #232

merged 3 commits into from
Jan 18, 2024

Conversation

gaol
Copy link
Contributor

@gaol gaol commented Dec 14, 2023
edited
Loading

Issue: https://issues.redhat.com/browse/SET-651

This would be the first PR to add the support to read secrets from a specified HashiCorp Vault instance.

What it does are:

  • Adds a role called vault to read secrets from specified paths in a HashiCorp Vault server. It uses the secret key as the Ansible variable name, and uses the secret value as the Ansbile variable value.
    • The role supports both token and approle authentication method, depending on the environment set up, it will use different authentication approach.
  • Adds community.hashi_vault to the requirements.yml file
  • Update to ssh role to support writing ssh private key files from content besides copying from another file. This is because the private keys are secrets, and they need to be put somewhere in the HashiCorp Vault. The change won't change current behavior unless the variable get updated (ssh_keys -> ssh_keys_content).
  • Adds the molecule tests for vault role

The community.hashi_vault requires hvac python library installed, I don't add that in this PR because I think it is belongs to the playbook change, unless the vault role is used, it is not required.

The subsequent PR will include the vault role as the first task in the pre_tasks section in the playbooks to enable vault access.

@gaol
Copy link
Contributor Author

gaol commented Dec 14, 2023

@rpelisse would you please review ? thanks

@gaol gaol mentioned this pull request Dec 15, 2023
Merged
rpelisse
rpelisse approved these changes Jan 18, 2024
View reviewed changes
Copy link
Collaborator

@rpelisse rpelisse left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@rpelisse rpelisse merged commit bab4426 into jboss-set:main Jan 18, 2024
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rpelisse rpelisse rpelisse approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@gaol @rpelisse