Skip to content

Microsoft Azure Key Vault Microsoft Azure Key Vault: Key Vault

Summary

This module contains actions for reading, creating, & updating secrets in an Azure Key Vault.

PPA Appliance & Vault Requirements

This plugin requires PPA version 2.7.0 or later.

You must have an Azure Key Vault provisioned as a Vault inside PPA to use this plugin.

Azure API Version

This plugin supports Azure Key Vault API version 7.1.

Actions

azure_key_vault.secrets.

read

Read a secret from an Azure Key Vault.

Minimum Plugin Version: 1.0.0

Input

  • name: the name of the secret

  • version: optional secret version to read (defaults to the latest version)

  • key_vault: the name of the Azure Key Vault in PPA (required if multiple Key Vaults are provisioned)

  • reason: task interface audit message (defaults to Task is reading a secret from Azure Key Vault)

Output

A Secret dictionary.

Example

Getting the ansible_runner_key secret & saving it as a new variable called secret:

1
2
3
- azure_key_vault.secrets.read:
    name: ansible_runner_key
  save: secret

azure_key_vault.secrets.

set

Create a new or update an existing secret in an Azure Key Vault.

If no secret exists with the supplied name, a new secret is created.

If a secret already exists with the supplied name, a new version of that secret will be created.

Minimum Plugin Version: 1.0.0

Input

  • name: the name of the secret

  • value: the value of the secret

  • key_vault: the name of the Azure Key Vault in PPA (required if multiple Key Vaults are provisioned)

  • reason: task interface audit message (defaults to Task is setting a secret from Azure Key Vault)

Output

A Secret dictionary.

Example

Creating a secret called ansible_runner_key & saving it as a new variable called secret:

1
2
3
4
- azure_key_vault.secrets.set:
    name: ansible_runner_key
    value: "{{ secret_value }}"
  save: secret