0

I am able to connect to Azure using Ansible by putting my service principle details into the credentials file stored in ~/.azure/credentials

That was OK for development, now (in production) I want to move away from using the text credentials file and pass the credentials to Ansible via the command-line via parameters.

How should this be done? Any help is appreciated - thanks

I have tried:

ansible-playbook -i ./dev-env/epazure_rm.yml ./dev-env/site.yml -vvvv -u adminuser --extra-vars "AZURE_SUBSCRIPTION_ID=XXX AZURE_CLIENT_ID=XXX AZURE_SECRET=XXX AZURE_TENANT=XXX"

My Azure Dynamic Inventory plugin file looks like this

    --- 
plugin: azure_rm
include_vm_resource_groups: 
  - rg-devdonal-eastus01
auth_source: auto
subscription_id: "{{ AZURE_SUBSCRIPTION_ID }}"
client_id: "{{ AZURE_CLIENT_ID }}"
secret: "{{ AZURE_SECRET }}"
tenant: "{{ AZURE_TENANT }}"

keyed_groups:
- prefix: tag
  key: tags
donal
  • 163
  • 2
  • 4
  • 13
  • Any more questions for the issue? Does it solve your problem? – Charles Xu Aug 20 '20 at 02:42
  • Thank you so much. I have been able to use the 'pass environment variable' method. My concern with this method is security: anyone with access to the environment will be able to read the sensitive service principle details. Ideally I'd like the scope of the details to be available only for as long as the Ansible command needs them, then destroyed. I could overwrite the env vars after Ansible is finished using them, but im curious if there is a more elegant solution? Thanks once again for your time and help in sharing your knowledge. – donal Aug 24 '20 at 13:15
  • As I know there is no more elegant solution if you use the environment variable. All things always have the inconvenience. – Charles Xu Aug 25 '20 at 01:32

1 Answers1

1

You can use the environment variables for the credential and then read the variables from the environment, here is the example:

- debug: msg="{{ lookup('env','HOME') }} is an environment variable"

And there is also another issue shows the example.

Charles Xu
  • 29,862
  • 2
  • 22
  • 39