Enabling HashiCorp Vault Lookups in Ansible AWX

Recently I’ve decided to change how I retrieve privilege escalation credentials for production hosts added to Ansible AWX. When I first started out I only had a few machines, so the root/Administrator credential was defined on each host. Whilst this approach is fine for a limited number of hosts, it isn’t scalable. Therefore, in an effort to increase security, I decided to leverage my HashiCorp Vault implementation.

However, before we can use the HashiCorp Vault lookup plugin we need to prepare our installation. As AWX is based on Docker containers, additional work is required.

Please note: this post is about getting to a place where you can perform the lookup. I’ll write a follow-up piece on how to actually do it at a later date.

Getting Started

Become root on your AWX host and install a Python Virtual Environment:

yum install -y virtualenv

Create a new Python virtual environment (substitute accordingly):

virtualenv /opt/my-envs/hobbitcloud
python3 -m venv /opt/my-envs/hobbitcloud

Install necessary modules:

/opt/my-envs/hobbitcloud/bin/pip3 install psutil

Install the HVAC module:

/opt/my-envs/hobbitcloud/bin/pip3 install -U hvac

Install the HVAC Parser:

/opt/my-envs/hobbitcloud/bin/pip3 install -U 'hvac[parser]'

Containers

List your Docker containers to get the IDs of awx_task and awx_web:

docker ps

This will list your AWX containers. Take a note of the container ID for the awx_task and awx_web containers.

Copy the virtual environment to each container, running the commands from /opt/my-envs (substitute accordingly):

docker cp hobbitcloud 53ced1648e06:/var/lib/awx/venv/
docker cp hobbitcloud ac7f9867a735:/var/lib/awx/venv/

In AWX, modify the system configuration (under Settings / System) to list your new environment.

That’s it!
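
To confirm the copy worked before relying on the new environment, the functions below (an added example, not part of the original post) check that the environment's interpreter resolves inside each container and that psutil and hvac import there. The function names are hypothetical; the environment name and path follow the post, and the container IDs are passed as arguments.

```shell
# Added example: verify the copied virtual environment inside each AWX container.
# Assumptions: the path below is the docker cp destination from the post plus the
# environment name; check_venv and check_all are hypothetical helper names.
VENV_PATH="${VENV_PATH:-/var/lib/awx/venv/hobbitcloud}"
REQUIRED_MODULES="${REQUIRED_MODULES:-psutil hvac}"

# check_venv CONTAINER
# Returns 0 only if the interpreter is usable in the container and every
# required module imports with it.
check_venv() {
    container="$1"
    py="$VENV_PATH/bin/python3"
    # bin/python3 in a venv is normally a symlink to the interpreter it was
    # created from. test -x follows the link, so it fails if that target
    # does not exist inside the container.
    if ! docker exec "$container" test -x "$py"; then
        echo "FAIL $container: $py missing or not executable"
        return 1
    fi
    rc=0
    for mod in $REQUIRED_MODULES; do
        if docker exec "$container" "$py" -c "import $mod" >/dev/null 2>&1; then
            echo "ok   $container: $mod"
        else
            echo "FAIL $container: cannot import $mod"
            rc=1
        fi
    done
    return "$rc"
}

# check_all CONTAINER...
# Checks every container given and returns non-zero if any of them fails.
check_all() {
    failed=0
    for c in "$@"; do
        check_venv "$c" || failed=1
    done
    return "$failed"
}

# Usage, with the IDs of the awx_task and awx_web containers from docker ps:
#   check_all <awx_task-id> <awx_web-id>
```

A FAIL on the interpreter line means the environment was copied but cannot run in that container; a FAIL on a module means the pip3 install step for that module needs repeating before the copy.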
