credential associations, lookup etc in awx.

[Raymond Ferguson]

It seems like there has been some discussion regarding how to associate per-host credentials, but I didn't see anything come of it.

It looks possible with something like hashi vault based on templates, credential naming convention, and the hash_vault lookup module, but I don't see anything in AWX functionality to duplicate that functionality without writing my a lookup module, but I suspect the lookup would be pretty convoluted given that it executes on the _task runner which would probably have to lookup the cred id, then submit a new job associate to the cred since it can't request secrets by design.

Hashicorp example is from https://www.ansible.com/blog/ansible-tower-feature-spotlight-custom-credentials and looks something like the following.

---

ansible_user: "{{lookup('plugin','key/{{inventory_hostname}}')}}

Is there a working solution to this that I'm missing?  Maybe a workflow that does the lookup instead of a lookup within the playbook?

Thank you for the feedback.

Ray Ferguson

Enterprise Solutions Developer

Devendor Tech LLC

ray.fe...@devendortech.com

W: 608-960-8090 C: 608-516-9391

ᐧ

[Christopher Meyers]

Ansible lookup in a playbook is the way to go. AWX is only going to help you by protecting and injecting the hashicorp credentials.