https://github.com/ericcames/aap.secrets-scripts
In here you will learn how to safely pass secrets from Ansible Automation Platform to a script.
https://github.com/ericcames/aap.secrets-scripts
ansible ansible-code-bot-scan ansible-playbook
Last synced: 2 months ago
JSON representation
In here you will learn how to safely pass secrets from Ansible Automation Platform to a script.
- Host: GitHub
- URL: https://github.com/ericcames/aap.secrets-scripts
- Owner: ericcames
- License: mit
- Created: 2024-05-17T15:46:44.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2024-05-31T16:54:08.000Z (about 2 years ago)
- Last Synced: 2026-05-01T02:34:20.208Z (2 months ago)
- Topics: ansible, ansible-code-bot-scan, ansible-playbook
- Language: Python
- Homepage: https://github.com/ericcames/aap.secrets-scripts
- Size: 477 KB
- Stars: 1
- Watchers: 1
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
Ansible Automation Platform (AAP) secrets to scripts.
=========
This repository will show you how pass secrets to a script in a safe and secure way.
Secrets to localhost (AKA the execution environment)
=========
This method creates an environment variable on the execution environment that is used by the python script.
AAP Credential Type configurations
------------
Input configuration
```yaml
fields:
- id: DYNATRACE_API_KEY
type: string
label: Dynatrace API Token
secret: true
- id: freshservice_api_key
type: string
label: Fresh Service API Token
secret: true
required:
- DYNATRACE_API_KEY
```
Injector configuration
```yaml
env:
DYNATRACE_API_KEY: '{{ DYNATRACE_API_KEY }}'
freshservice_api_key: '{{ freshservice_api_key }}'
```
[Custom Credential playbook]( https://github.com/ericcames/aap.secrets-scripts/blob/main/playbooks/python_secrets_localhost.yml "Custom Credential playbook")



Secrets to a remotehost method 1
=========
Pass secrets from a vaulted file using
[vars_files playbook]( https://github.com/ericcames/aap.secrets-scripts/blob/main/playbooks/python_secrets_remotehost_method_1.yml "var_files playbook"). For this method to work you will need to create a vault credential in your AAP and relate it to your job template.

Example vault contents
------------
```yaml
dynatrace_api_key: 123456_secrets_are_here
```
Secrets to a remotehost method 2
=========
Pass secret from an inbeded vault file using
[vars playbook]( https://github.com/ericcames/aap.secrets-scripts/blob/main/playbooks/python_secrets_remotehost_method_2.yml "vars playbook"). For this method to work you will need to create a vault credential in your AAP and relate it to your job template.

Example vault contents
------------
```yaml
123456_secrets_are_here
```