-
Notifications
You must be signed in to change notification settings - Fork 157
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
aws secret engine #377
Comments
Probably could use the generic secrets engine module, but I haven't tried it. |
Thank you @TerryHowe for your response and for the work for these ansible/hashicorp vault integration modules. AWS secret engine need a secret engine backend definition (of type aws) like this: vault secrets enable -path=awssample -max-lease-ttl=... -default-lease-ttl=... aws So probably generic vault write awssample/config/root \ access_key=... \ secret_key=... \ region=... and for AWS secret engine it is necessary a vault role to tell vault to create temporary IAM User or assume IAM role: (assume IAM role) vault write awssample/roles/vrole1 \ role_arns=arn:aws:iam::account_id:role/awsrole1 \ credential_type=assumed_role or (create IAM user) vault write awssample/roles/vrole2 \ -explicit-max-ttl=... \ credential_type=iam_user \ policy_document=-<< EOH { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "...", "Resource": "..." } ] } EOH Probably for |
Yeh, once the backend is configured, the normal read and write operations should work fine |
Hi @TerryHowe,
I cannot see explicit module to support (AWS Secrets Engine). Do you provide aws secret engine using another module or do you have a plan to add a module for that ?
The text was updated successfully, but these errors were encountered: