ansible-config/playbooks/vault/create_monitoring_secrets.yml

---
- name: Create monitoring secrets in Vault
  hosts: localhost
  connection: local
  
  vars:
    vault_addr: "http://192.168.0.103:8200"
    vault_token: "hvs.DhQx1U9igYhLfoUHIGtLgqs8"
  
  tasks:
    - name: Create VictoriaMetrics secret
      uri:
        url: "{{ vault_addr }}/v1/secret/data/monitoring/victoriametrics"
        method: POST
        headers:
          X-Vault-Token: "{{ vault_token }}"
          Content-Type: application/json
        body_format: json
        body:
          data:
            host: "192.168.0.104"
            port: "8428"
            url: "http://192.168.0.104:8428"
            retention_days: "30"
            description: "VictoriaMetrics single instance"
            
    - name: Create Prometheus secret
      uri:
        url: "{{ vault_addr }}/v1/secret/data/monitoring/prometheus"
        method: POST
        headers:
          X-Vault-Token: "{{ vault_token }}"
          Content-Type: application/json
        body_format: json
        body:
          data:
            host: "192.168.0.105"
            port: "9090"
            scrape_interval: "30s"
            
    - name: Create Grafana secret
      uri:
        url: "{{ vault_addr }}/v1/secret/data/monitoring/grafana"
        method: POST
        headers:
          X-Vault-Token: "{{ vault_token }}"
          Content-Type: application/json
        body_format: json
        body:
          data:
            host: "192.168.0.106"
            port: "3000"
            admin_user: "admin"
            admin_password: "admin123"
            
    - name: Verify secrets created
      uri:
        url: "{{ vault_addr }}/v1/secret/metadata"
        method: LIST
        headers:
          X-Vault-Token: "{{ vault_token }}"
        return_content: yes
        validate_certs: no
      register: secrets_list
      
    - name: Show created secrets
      debug:
        msg: "Secrets in Vault: {{ (secrets_list.content | from_json).data.keys }}"
Initial commit: Ansible configuration for monitoring stack Contains: - Production inventory (inventories/production/hosts) - VictoriaMetrics installation (playbooks/monitoring/install_victoriametrics.yml) - Vault setup and secrets management (playbooks/vault/) - Base system configuration (playbooks/infrastructure/) - Directory structure for monitoring components 2026-02-02 11:22:24 +00:00			`---`
			`- name: Create monitoring secrets in Vault`
			`hosts: localhost`
			`connection: local`

			`vars:`
			`vault_addr: "http://192.168.0.103:8200"`
			`vault_token: "hvs.DhQx1U9igYhLfoUHIGtLgqs8"`

			`tasks:`
			`- name: Create VictoriaMetrics secret`
			`uri:`
			`url: "{{ vault_addr }}/v1/secret/data/monitoring/victoriametrics"`
			`method: POST`
			`headers:`
			`X-Vault-Token: "{{ vault_token }}"`
			`Content-Type: application/json`
			`body_format: json`
			`body:`
			`data:`
			`host: "192.168.0.104"`
			`port: "8428"`
			`url: "http://192.168.0.104:8428"`
			`retention_days: "30"`
			`description: "VictoriaMetrics single instance"`

			`- name: Create Prometheus secret`
			`uri:`
			`url: "{{ vault_addr }}/v1/secret/data/monitoring/prometheus"`
			`method: POST`
			`headers:`
			`X-Vault-Token: "{{ vault_token }}"`
			`Content-Type: application/json`
			`body_format: json`
			`body:`
			`data:`
			`host: "192.168.0.105"`
			`port: "9090"`
			`scrape_interval: "30s"`

			`- name: Create Grafana secret`
			`uri:`
			`url: "{{ vault_addr }}/v1/secret/data/monitoring/grafana"`
			`method: POST`
			`headers:`
			`X-Vault-Token: "{{ vault_token }}"`
			`Content-Type: application/json`
			`body_format: json`
			`body:`
			`data:`
			`host: "192.168.0.106"`
			`port: "3000"`
			`admin_user: "admin"`
			`admin_password: "admin123"`

			`- name: Verify secrets created`
			`uri:`
			`url: "{{ vault_addr }}/v1/secret/metadata"`
			`method: LIST`
			`headers:`
			`X-Vault-Token: "{{ vault_token }}"`
			`return_content: yes`
			`validate_certs: no`
			`register: secrets_list`

			`- name: Show created secrets`
			`debug:`
			`msg: "Secrets in Vault: {{ (secrets_list.content \| from_json).data.keys }}"`