Ansible Automation Platform (AAP) secrets to scripts.

This repository will show you how pass secrets to a script in a safe and secure way.

Secrets to localhost (AKA the execution environment)

This method creates an environment variable on the execution environment that is used by the python script.

AAP Credential Type configurations

Input configuration

fields:
  - id: DYNATRACE_API_KEY
    type: string
    label: Dynatrace API Token
    secret: true
  - id: freshservice_api_key
    type: string
    label: Fresh Service API Token
    secret: true
required:
  - DYNATRACE_API_KEY

Injector configuration

env:
  DYNATRACE_API_KEY: '{{ DYNATRACE_API_KEY }}'
  freshservice_api_key: '{{ freshservice_api_key }}'

Custom Credential playbook

Secrets to a remotehost method 1

Pass secrets from a vaulted file using vars_files playbook. For this method to work you will need to create a vault credential in your AAP and relate it to your job template.

Example vault contents

dynatrace_api_key: 123456_secrets_are_here

Secrets to a remotehost method 2

Pass secret from an inbeded vault file using vars playbook. For this method to work you will need to create a vault credential in your AAP and relate it to your job template.

Example vault contents

123456_secrets_are_here