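# Reset the password of a local OS account from credentials kept in
# HashiCorp Vault (KV v2). `reset_password_for_account` must be set by the
# caller; it is used both in the secret path and as the account name.

# The secret path is the host name with its labels reversed, e.g.
# host.example.com -> com/example/host/os/<account>/creds (constructed sample).
# The lookup is driven through a with_ loop, so `server` is the lookup result
# for that single path and `server.secret` is the key/value content.
- name: 'Get secrets'
  no_log: true
  loop_control:
    loop_var: 'server'
  with_community.hashi_vault.vault_kv2_get:
    - '{{ inventory_hostname | split(".") | reverse | join("/") }}/os/{{ reset_password_for_account }}/creds'
  ansible.builtin.set_fact:
    vault_data: '{{ server.secret }}'

# Presumably the role aborts the play when one of the keys listed in
# `fail_check` is absent from the secret; verify against the role.
# `vars` is written as a mapping: the list-of-dicts form is deprecated.
# NOTE(review): the whole secret is handed to the role, and keywords set on an
# include are not inherited by the tasks it includes. Confirm the role itself
# keeps inc_vault_data out of its output.
- name: 'If a secret is missing fail progress'
  ansible.builtin.include_role:
    name: '10-include-40-check-if-vault-var'
  vars:
    inc_vault_data: '{{ vault_data }}'
    fail_check:
      - 'password'
      - 'password_salt'

# NOTE(review): vault_data, os_acc_pwd and os_acc_salt stay defined as host
# facts after these tasks, so anything later in the run that dumps host
# variables would include the clear-text password.
- name: 'Set fact new OS local account password'
  no_log: true
  ansible.builtin.set_fact:
    os_acc_pwd: '{{ vault_data.password }}'
    os_acc_salt: '{{ vault_data.password_salt }}'

# The hash is computed on the controller with the salt stored next to the
# password, so the same secret always yields the same hash.
# no_log keeps the templated arguments and the result out of task output and
# logs, matching the other tasks that handle the secret.
# NOTE(review): assumes password_salt is a valid salt for sha512 crypt;
# confirm how the Vault entry is generated.
- name: 'Set local OS account password'
  no_log: true
  ansible.builtin.user:
    name: '{{ reset_password_for_account }}'
    password: '{{ os_acc_pwd | string | password_hash(''sha512'', os_acc_salt) }}'
    update_password: 'always'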