0
votes

I am trying to generate certificates from HashiCorp's Vault with the help of Ansible, as described in this link: https://docs.ansible.com/ansible/devel/collections/community/hashi_vault/vault_pki_generate_certificate_module.html

My Ansible task:

- name: Login and use the resulting token
  community.hashi_vault.vault_login:
    # url: http://127.0.0.1:8100
    auth_method: token
    token_file: /tmp/vault_token
  register: login_data

- name: check token
  debug:
    msg: "{{ login_data }}"

- name: Generate a certificate with an existing token
  community.hashi_vault.vault_pki_generate_certificate:
    role_name: blinchik_user_cert_ica2
    common_name: local-docker-registry.service.brain.consul
    url: http://127.0.0.1:8100/v1/pki/brain/v1/ica2/v1/issue
    ttl: 5760h
    auth_method: token
    token: "{{ login_data.login.auth.client_token }}"
  register: cert_data

The login part seems to work; however, generating the certificates does not.

Error:

fatal: [localhost]: FAILED! => {"changed": false, "msg": "Invalid Vault Token Specified."}

I did test the token generated in "{{ login_data }}" and it is a valid token.

With Consul-template, I can generate the certificates in this way:

{{ with secret "pki/brain/v1/ica2/v1/issue/blinchik_user_cert_ica2" "common_name=local-docker-registry.service.brain.consul" "ttl=30536000" }}
{{ .Data.certificate -}}
{{ end }}

Any ideas what could be wrong in my configuration?

Please share the output of that debug task, showing the token, and confirm what hostname:port you are running on (your example uses two different Vault addresses).
ixe013
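As an added example (not from the question or from ixe013's comment), here is how the module is documented to take its connection settings: `url` is the Vault server address only, and the PKI mount path goes in `engine_mount_point` (default `pki`); the module builds the `.../issue/<role_name>` path itself. The Vault address and mount path below are assumptions read off the issue URL in the question, and the destination file paths are assumed.

```yaml
# Added example, not the asker's task: Vault address and PKI mount split the
# way community.hashi_vault.vault_pki_generate_certificate expects.
# Assumed: Vault listens on http://127.0.0.1:8100 and the intermediate CA is
# mounted at pki/brain/v1/ica2/v1 (both taken from the issue URL in the question).
- name: Login with the token stored on disk
  community.hashi_vault.vault_login:
    url: http://127.0.0.1:8100
    auth_method: token
    token_file: /tmp/vault_token
  register: login_data
  no_log: true   # the registered result contains a client token

- name: Issue a certificate from the intermediate CA
  community.hashi_vault.vault_pki_generate_certificate:
    url: http://127.0.0.1:8100                  # server address only, no /v1/... path
    engine_mount_point: pki/brain/v1/ica2/v1    # module appends /issue/<role_name>
    role_name: blinchik_user_cert_ica2
    common_name: local-docker-registry.service.brain.consul
    ttl: 5760h
    auth_method: token
    token: "{{ login_data.login.auth.client_token }}"
  register: cert_data
  no_log: true   # the registered result contains the private key

- name: Sanity check the issued material before writing it anywhere
  ansible.builtin.assert:
    that:
      - cert_data.data.certificate is match('-----BEGIN CERTIFICATE-----')
      - cert_data.data.private_key is defined
    fail_msg: "Vault returned no usable certificate for local-docker-registry.service.brain.consul"

- name: Write the certificate followed by the issuing CA (assumed destination)
  ansible.builtin.copy:
    content: "{{ cert_data.data.certificate }}\n{{ cert_data.data.issuing_ca }}\n"
    dest: /etc/docker/certs.d/registry.crt
    owner: root
    group: root
    mode: "0644"

- name: Write the private key with restrictive permissions (assumed destination)
  ansible.builtin.copy:
    content: "{{ cert_data.data.private_key }}\n"
    dest: /etc/docker/certs.d/registry.key
    owner: root
    group: root
    mode: "0600"
  no_log: true   # keep the key out of the play log
```

If the run still fails with "Invalid Vault Token Specified", the token in `/tmp/vault_token` is being rejected by the server at `url`, so confirm both tasks point at the same Vault listener, as ixe013's comment asks.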