Configure KV1 modules
If you are using KV1 with community.hashi_vault collection, configure the corresponding modules in the hashicorp.vault collection.
Configure the hashicorp.vault.kv1_secret module
Configuring this module is not required, but you can configure the defaults if needed after the migration.
Procedure
community.hashi_vault. However, you might want to configure something other than the defaults for auth_method and state after the migration. You can use the examples on Ansible automation hub for reference.
Configure the hashicorp.vault.kv1_secret_info module
The hashicorp.vault.kv1_secret_info module reads KV1 secrets.
About this task
The corresponding community.hashi_vault modules are:
community.hashi_vault.vault_kv1_get: Retrieves secrets from the HashiCorp Vault KV version 1 secret store.community.hashi_vault.vault_kv1_get lookup: Retrieves secrets from the HashiCorp Vault KV version 1 secret store.
Procedure
What to do next
Configure the hashicorp.vault.kv1_secret_get lookup plugin
The hashicorp.vault.kv1_secret_get lookup plugin module reads KV1 secrets.
About this task
The corresponding community.hashi_vault modules are:
community.hashi_vault.hashi_vault: Retrieves secrets from HashiCorp Vault.community.hashi_vault.vault_kv1_get lookup: Gets secrets from the HashiCorp Vault KV version 1 secret store.
Procedure
What to do next
Example: hashicorp.vault.kv1_secret_info module
The following migration example shows before and after configurations for the hashicorp.vault.kv1_secret_info module.
Example:
Before (community.hashi_vault)
- name: Read a kv1 secret from Vault (community collection)
community.hashi_vault.vault_kv1_get:
url: https://vault:8201
token: "{{ vault_token }}"
path: hello
register: responseAfter (hashicorp.vault)
- name: Read a kv1 secret from Vault (hashicorp.vault collection)
hashicorp.vault.kv1_secret_info:
url: https://vault.example.com:8201
token: "{{ vault_token }}"
path: sampleExample: hashicorp.vault.kv1_secret_get lookup
The following migration example shows the KV1 secret get lookup.
Example:
Before (community.hashi_vault)
- name: Retrieve a secret from the Vault
ansible.builtin.debug:
msg: "{{ lookup('community.hashi_vault.vault_kv1_get', 'hello', url='https://vault:8201') }}"After (hashicorp.vault)
- name: Retrieve a secret from the Vault
ansible.builtin.debug:
msg: "{{ lookup('hashicorp.vault.kv1_secret_get',
secret='hello',
url='https://myvault_url:8201') }}"