Sync PasswordState to KeyVault
Description
This automation playbook synchronizes credentials from PasswordState to Azure Key Vault. It connects to Azure using a service principal, locates Key Vaults by tags or environment, and retrieves passwords from PasswordState.
The playbook updates or creates secrets in the corresponding Key Vaults, ensuring that only the latest credentials are present. It also removes secrets from Key Vaults if they no longer exist in PasswordState. The process is controlled by parameters for force sync, password list ID, environment, and credentials, providing flexible and secure synchronization between systems.
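The create, update and delete decisions described above, sketched as an added example; this is not the playbook's own code. The function names `kv_name` and `plan_sync`, the title-to-name mapping and the sample data are assumptions made for illustration.

```python
import hmac
import re

# Key Vault secret names allow only letters, digits and dashes, 1-127 characters.
_VALID_NAME = re.compile(r"[0-9a-z-]{1,127}")


def kv_name(title):
    """Assumed mapping from a PasswordState title to a Key Vault secret name."""
    name = re.sub(r"[^0-9a-z]+", "-", title.lower()).strip("-")
    if not _VALID_NAME.fullmatch(name):
        raise ValueError(f"no valid Key Vault name for title {title!r}")
    return name


def plan_sync(passwordstate, keyvault, force_sync=False):
    """Compute the sync plan; returns secret names only, never values.

    passwordstate: {title: password} from one password list.
    keyvault: {secret_name: current_value} from one vault.
    """
    desired = {}
    for title, password in passwordstate.items():
        name = kv_name(title)
        if name in desired:
            # Two titles collapsing to one name would silently overwrite a secret.
            raise ValueError(f"titles collide on Key Vault name {name!r}")
        desired[name] = password

    plan = {"create": [], "update": [], "unchanged": [], "delete": []}
    for name, password in sorted(desired.items()):
        if name not in keyvault:
            plan["create"].append(name)
        elif force_sync or not hmac.compare_digest(
            password.encode(), keyvault[name].encode()
        ):
            plan["update"].append(name)
        else:
            plan["unchanged"].append(name)
    # Anything in the vault that PasswordState no longer has is removed.
    plan["delete"] = sorted(set(keyvault) - set(desired))
    return plan


# Constructed sample data, not real credentials.
PASSWORDSTATE = {"SQL Prod (sa)": "n3w-Value", "svc_backup": "same", "API Key": "k1"}
KEYVAULT = {"sql-prod-sa": "old-Value", "svc-backup": "same", "retired-app": "x"}

if __name__ == "__main__":
    print(plan_sync(PASSWORDSTATE, KEYVAULT))
```

Because the plan holds names only, it can be written to job output for review before any secret is changed or deleted.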
Credentials
- sys_ansible_windows
- sys_ansible_keyvault
Input
| Variable | Description |
|---|---|
| force_sync | Force update of secrets even if unchanged |
| password_list_id | PasswordState list ID to sync |
| keyvaultenv | Azure environment for Key Vault selection |
| tenant_id | Azure tenant ID |
| subscription_id | Azure subscription ID |
| passwordstate_url | URL of the PasswordState instance |
| credential_name | Name of the credential in PasswordState |
Output
None