Update to 2024-07-05 17:01

roles/vault_agent/defaults/main/main.yml

@@ -26,9 +26,14 @@ vault_agent_sinks: []
 # List of templates
 vault_agent_templates: []
 # vault_agent_templates:
-#     # Use only one of source or contents
+#     # Use only one of source contents or data can be used
 #   - source: /srv/foo.tpl
 #     contents: "{{ with secret \"kv/bar\" }}{{.Data.data.baz}}{{ end }}"
+#     data: |
+#       [[- with pkiCert "pki/nomad/issue/jenkins" "common_name=jenkins.nomad" ]]
+#       [[ .Cert ]]
+#       [[ .Key ]]
+#       [[- end ]]
 #     destination: /src/foo
 #     left_delimiter = "[["
 #     right_delimiter = "]]"

roles/vault_agent/tasks/conf.yml

@@ -31,3 +31,9 @@
   notify: restart vault-agent
   tags: vault,consul,nomad
 
+- name: Deploy templates
+  copy: content={{ item.data }} dest={{ vault_agent_root_dir }}/templates/ansible/{{ item.destination | regex_replace('/', '_') }}
+  when: item.data is defined
+  loop: "{{ vault_agent_templates }}"
+  notify: restart vault-agent
+  tags: vault,consul,nomad

roles/vault_agent/tasks/directories.yml

@@ -14,5 +14,7 @@
     - dir: bin
     - dir: templates/nomad
     - dir: templates/consul
+    - dir: templates/ansible
+    - dir: templates/custom
   tags: vault,consul,nomad
 

roles/vault_agent/templates/vault-agent.hcl.j2

@@ -51,6 +51,8 @@ template {
   source = "{{ template.source }}"
 {% elif template.contents is defined %}
   contents = "{{ template.contents }}"
+{% elif template.data is defined %}
+  source = "{{ vault_agent_root_dir  }}/templates/ansible/{{ template.destination | regex_replace('/', '_') }}"
 {% endif %}
   destination = "{{ template.destination }}"
 {% for prop in ['left_delimiter', 'right_delimiter', 'perms'] %}