
Does azcollection/azure_rm_keyvaultkey support the ability to upload externally generated SSH keys to Keyvault?

Open alexw-z opened this issue 3 years ago • 3 comments

Hi

I'm not quite sure if this is a documentation query, a feature request or a general question to be honest, but I'm writing an Ansible script to perform key rotation across my company's Linux estate and having some difficulty with trying to add some SSH Keys to Azure Keyvault using the azcollection modules.

We use Azure as a cloud platform and I'm looking to store a backup copy of the public and private keys in Azure Keyvault. The Linux estate itself is hosted on VMWare and isn't part of the Azure cloud.

Using the azure_rm_keyvaultkey module I have been able to successfully generate a new key via the Keyvault itself using the code below, but I need the functionality to upload the key I've generated on our local AWX instance instead, and I'm not certain if the module provides this functionality:

- name: Create a key
  azure_rm_keyvaultkey:
    key_name: "TestKey2"
    keyvault_uri: "https://<redacted>.vault.azure.net/"
    state: present
    #pem_file: "{{ lookup('file', '/tmp/{{ ssh_key_filename }}') }}"
  delegate_to: localhost
  become: false

There is a pem_file parameter which can be set to a string (the documentation for this module is pretty sparse and information for this parameter consists just of a copy of its name). I've tried using this to reference the keyfile I've created, as in the commented line above, but this doesn't seem to result in my key being added to the vault.

Can I please query if I'm understanding this parameter correctly and/or if the azcollection supports the functionality to upload externally generated keys? If not, could I propose it as a feature request?

Many thanks.

Alex Walker.

alexw-z, Oct 11 '22 11:10

There is a function providing import functionality here: https://github.com/ansible-collections/azure/blob/dev/plugins/modules/azure_rm_keyvaultkey.py#L289 but it seems it is not called anywhere; that could be the issue.

andreadecorte, Oct 11 '22 20:10

@alexw-z I am checking this problem and I will reply to your question as soon as possible! Thank you very much!

Fred-sun, Oct 11 '22 23:10

Many thanks @Fred-sun, appreciated :)

A.

alexw-z, Oct 12 '22 08:10

Hi @Fred-sun, apologies in advance for the chaser, did you get a chance to look at this yet at all?

Many thanks.

A.

alexw-z, Dec 05 '22 13:12

@alexw-z Yes, I will see it first! Thanks!

Fred-sun, Dec 06 '22 00:12