ansible-modules-hashivault icon indicating copy to clipboard operation
ansible-modules-hashivault copied to clipboard

Published 20 hours ago verified publisher icon TerryHowe

Key in write data does not expand

Open michalmedvecky opened this issue 7 years ago • 7 comments

Sample:

- hosts: localhost
  vars: 
    - key: "key123"
    - value: "value123"
  tasks:
    - hashivault_write:
      secret: "/cesta/k/jebnutemu/secretu"
        data:
          "{{ key }}": "{{ value }}"

$ vault read /cesta/k/jebnutemu/secretu
Key                    Value
---                    -----
refresh_interval       168h0m0s
{{ key }}              value123

michalmedvecky avatar Mar 12 '17 21:03 michalmedvecky

I've seen this before and it is really an ansible issue:

https://github.com/ansible/ansible/issues/17324

On Sun, Mar 12, 2017 at 3:11 PM, michalmedvecky [email protected] wrote:

Sample:

  • hosts: localhost vars:
    • key: "key123"
    • value: "value123" tasks:
    • hashivault_write: secret: "/cesta/k/jebnutemu/secretu" data: "{{ key }}": "{{ value }}"

$ vault read /cesta/k/jebnutemu/secretu Key Value

refresh_interval 168h0m0s {{ key }} value123

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/TerryHowe/ansible-modules-hashivault/issues/9, or mute the thread https://github.com/notifications/unsubscribe-auth/AAGWsTB7evuKK2ItSuSFd5MMl94N_mz6ks5rlF99gaJpZM4MarUw .

TerryHowe avatar Mar 12 '17 23:03 TerryHowe

Okay for desperates like me, one can do

- hosts: localhost
  vars: 
    - key: "key123"
    - value: "value123"
  tasks:
    - hashivault_write:
      secret: "/cesta/k/jebnutemu/secretu"
        data:
          "{'{{ key }}': '{{ value }}'}"

michalmedvecky avatar Mar 13 '17 10:03 michalmedvecky

In theory this should work too:

- hosts: localhost
  vars: 
    - key: &key "key123"
    - value: "value123"
  tasks:
    - hashivault_write:
      secret: "/cesta/k/jebnutemu/secretu"
        data:
          *key: "{{ value }}"

TerryHowe avatar Mar 13 '17 15:03 TerryHowe

Hard to use with with_items though

michalmedvecky avatar Mar 14 '17 10:03 michalmedvecky

Reopening this to document this common issue

TerryHowe avatar Nov 05 '20 02:11 TerryHowe

For info, I used this way:

- hosts: localhost
  vars: 
    - key: "key123"
    - value: "value123"
  tasks:
  - hashivault_write:
      secret: my-secret
      data: "{{ my_new_data }}"
      version: 2
    vars:
      my_new_data: "{{ {key:value} }}"

you can even loop with that I guess

absynth76 avatar Jun 29 '21 09:06 absynth76

we can use set_fact to fix this like this.

@TerryHowe @absynth76 @michalmedvecky

  tasks:
    - set_fact:
        vaultdata: "{{ vaultdata | default({}) | combine ({ item.name : item.value }) }}"
      with_items:
        - "{{envs}}"
    - name: add secrets in hashicorp vault
      hashivault_secret:
        version: 2
        secret: "{{env}}/tyk"
        data: "{{vaultdata}}"

Bharathkumarraju avatar Jun 22 '22 02:06 Bharathkumarraju