From cefdd12177bd0bba735dec5471b3c6ff80223152 Mon Sep 17 00:00:00 2001 From: hygienic-books Date: Fri, 23 Sep 2022 22:51:00 +0200 Subject: [PATCH] docs(ansible): Rewrite Ansible section to mention creation of not only entity and alias(es) but also a userpass user (#1) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3cd8b04..1c90946 100644 --- a/README.md +++ b/README.md @@ -96,7 +96,7 @@ Get the Vault command-line client via [vaultproject.io/downloads](https://www.va * Optionally [policies/role-cfgmgmt/cfgmgmt.hcl](policies/role-cfgmgmt/cfgmgmt.hcl) gets you started with read-only secrets access for example for a config management tool like Ansible. - You'll want to create an Ansible entity with an alias, create both a `token` and a `userpass` alias and use the latter one to authenticate against Vault to retrieve a token. You'll likely want a distinct group where your Ansible entity becomes a member and which uses a policy such as the example at [policies/role-cfgmgmt/cfgmgmt.hcl](policies/role-cfgmgmt/cfgmgmt.hcl). + You'll want to create an Ansible entity with an alias and create both a `token` and a `userpass` alias. Lastly within the `userpass` auth method create a user of the same name used for both the entity and its aliases and use that user to authenticate against Vault. Retrieve a token. You'll likely want a distinct group where your Ansible entity becomes a member and which uses a policy such as the example at [policies/role-cfgmgmt/cfgmgmt.hcl](policies/role-cfgmgmt/cfgmgmt.hcl). From here on out it's just more of what you already did, feel free to make this fit your own approach.
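Review bot: In the added `+` line, "Retrieve a token." is left as a stand-alone fragment, and the first sentence says "an alias" and then "both a `token` and a `userpass` alias", so it is unclear how many aliases are meant and at which step the token is obtained. Suggest folding the steps into one sequence, for example: "Lastly, within the `userpass` auth method, create a user with the same name as the entity and its aliases, then authenticate against Vault as that user to retrieve a token." It would also help to say why the names must match: the `userpass` alias name has to equal the `userpass` username, otherwise the login is not mapped to the Ansible entity and the group policy from `policies/role-cfgmgmt/cfgmgmt.hcl` is not attached to the resulting token.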