I'm writing an Ansible script to perform key rotation across my company's Linux estate. We use Azure as a cloud platform and I'm looking to store a backup copy of the public and private keys in Azure Key Vault. The Linux estate itself is hosted on VMware and isn't part of the Azure cloud.
Using the azure_rm_keyvaultkey module, I have been able to successfully generate a new key via the Key Vault itself using the code below, but I need the functionality to upload a key I've generated on our local AWX instance instead, and I'm not certain whether the module provides this functionality:
- name: Create a key
  azure_rm_keyvaultkey:
    key_name: "TestKey2"
    keyvault_uri: "https://<redacted>.vault.azure.net/"
    state: present
    #pem_file: "{{ lookup('file', '/tmp/{{ ssh_key_filename }}') }}"
  delegate_to: localhost
  become: false
There is a pem_file parameter which can be set to a string (the documentation for this module is pretty poor, and the information for this parameter consists of just a copy of its name). I've tried using this to reference the key file I've created, as in the commented line above, but this doesn't seem to result in my key being added to the vault.
Does anybody know if it's possible to upload SSH keys using the azcollection modules?
If not, my backup plan is currently to investigate using the shell/command modules in conjunction with the az CLI to achieve this.
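An added example (not the asker's playbook) of the az CLI fallback mentioned above, written as a playbook that runs on the AWX/controller host. It assumes a vault named example-vault (the host part of the keyvault_uri), a key name TestKey2, a key generated with ssh-keygen, and that az login has already been done on the controller with an identity that has key and secret permissions on the vault; the vault name, key name, path and the head-based format check are placeholders and assumptions, not anything from the question. Two details decide whether the import works: az keyvault key import --pem-file reads a PEM-encoded (PKCS#1 or PKCS#8) private key, so the key is generated with -m PEM, because current OpenSSH writes its own "BEGIN OPENSSH PRIVATE KEY" format by default and that is not accepted; and a Key Vault key is not exportable by default, so a copy that must be retrievable for a restore is stored as a Key Vault secret as well.

```yaml
# Added example, not the original post's code. Placeholders/assumptions:
# keyvault_name (host part of the vault URI), key_name, ssh_key_path.
# Precondition: `az login` already done on the controller.
- name: Generate an SSH key pair on the controller and back it up to Key Vault
  hosts: localhost
  gather_facts: false
  become: false
  vars:
    keyvault_name: "example-vault"        # assumption: from https://example-vault.vault.azure.net/
    key_name: "TestKey2"
    ssh_key_path: "/tmp/{{ key_name }}"   # private key; ssh-keygen writes the public key to .pub
  tasks:
    # -m PEM forces PKCS#1 output; the OpenSSH default format is not PEM
    - name: Generate an RSA key in PEM format, which az keyvault key import accepts
      ansible.builtin.command:
        cmd: ssh-keygen -t rsa -b 4096 -m PEM -N "" -f {{ ssh_key_path }} -C {{ key_name }}
        creates: "{{ ssh_key_path }}"

    # Guard for a pre-existing key file: an OpenSSH-format private key would be
    # rejected by the import. Convert it in place with:
    #   ssh-keygen -p -m PEM -N "" -f <path>
    - name: Fail early if the private key is OpenSSH-format rather than PEM
      ansible.builtin.command:
        cmd: head -n 1 {{ ssh_key_path }}
      register: key_header
      changed_when: false
      failed_when: "'BEGIN OPENSSH PRIVATE KEY' in key_header.stdout"

    # A Key Vault *key* can be used for sign/decrypt operations but is not
    # exportable by default, so this alone is not a restorable backup.
    - name: Import the private key as a Key Vault key
      ansible.builtin.command:
        cmd: >
          az keyvault key import
          --vault-name {{ keyvault_name }}
          --name {{ key_name }}
          --pem-file {{ ssh_key_path }}
      no_log: true   # keep the task output out of the AWX job log

    # `az keyvault secret set` echoes the secret value in its output, hence no_log.
    - name: Store a retrievable copy of the private key as a Key Vault secret
      ansible.builtin.command:
        cmd: >
          az keyvault secret set
          --vault-name {{ keyvault_name }}
          --name {{ key_name }}-private
          --file {{ ssh_key_path }}
      no_log: true

    - name: Store the OpenSSH public key (the authorized_keys line) as a secret
      ansible.builtin.command:
        cmd: >
          az keyvault secret set
          --vault-name {{ keyvault_name }}
          --name {{ key_name }}-public
          --file {{ ssh_key_path }}.pub

    - name: Remove the plaintext private key from the controller once it is backed up
      ansible.builtin.file:
        path: "{{ ssh_key_path }}"
        state: absent
```

The same PEM file is the natural thing to hand to the module's pem_file parameter as a path, but since the question leaves open whether the module accepts that, the example sticks to the CLI route named as the fallback. Keep the private-key tasks under no_log and delete the on-disk copy afterwards; otherwise the rotation job leaves the new private key in /tmp on the controller and, for the secret tasks, in the job output.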