0

In Ansible AWX I created a Vault-credential (named: user-pw). Now I want to use that password in a playbook. But it doesn't work.

I created a template, add the Vault-credential (at the credential input). In the playbook I used the variable "{{ user-pw }}" at the place where the password should be.

What am I doing wrong? How do I get the AWX Vault password in the playbook as a variable?

This is the vault credential screen: Vault credential

And this is the template screen: Template

And this is the test playbook:

---
- name: Vaulttest
  hosts: win

  tasks:
    - name: View user pw
      debug:
        msg: "{{ user-pw }}"

Thanks in advance!

ND90
  • 55
  • 1
  • 2
  • 8

2 Answers2

1

Found it! I used custom credentials the wrong way.

I created a complete new custom credential (under Administration - Credential Types).

Input configuration:

fields:
  - id: pass
    type: string
    label: password
    secret: true
required:
  - pass

Injector configuration:

extra_vars:
  pass: '{{pass}}'

Then I created the credential with the custom credential. Filled in the password.

Use the password variable in a playbook like this:

- name: Test
  module:
    username: testuser
    password: "{{ pass }}"

At last, add the custom credential to the template.

ND90
  • 55
  • 1
  • 2
  • 8
0

According the very minimal description it seems to be the correct approach for using Credentials, even Vault.

To debug Custom Credential Types I am using usually

- hosts: localhost
  gather_facts: yes

  tasks:

  - name: Get environment
    debug:
      msg: "{{ ansible_env }}"

resulting into an output of

TASK [Get environment] *********************************************************
ok: [localhost] => {
    "msg": [
        {
            ...
            "TEST_ACCOUNT_PASSWORD": "test_password", 
            "TEST_ACCOUNT_NAME": "test_account", 
            ...
        }
        ...

if such Custom Test Credentials are configured. This is working for AWX/Tower. You can then follow up with

U880D
  • 8,601
  • 6
  • 24
  • 40
  • Thanks for the reply, but when I use "{{ ansible_env }}" it shows a lot of info but not the password I set at the vault. I edited my post with some more info. – ND90 Feb 24 '22 at 15:05
  • @ND90, I see, after a short test I've got the same behavior. Going to setup an other test, which might take some time. Just to note, in your screenshot the Vault password name is `userpw`, whereby it is in your playbook `user-pw`. It is recommended to **not** use dashes in variable names at all. You may switch to `_` instead. – U880D Feb 24 '22 at 16:03
  • Alright, removed the dashes. Didn't know that! – ND90 Feb 25 '22 at 14:58