ansible-config/playbooks/vault/create_monitoring_secrets.yml
Freazzzing 30d35bc401 Initial commit: Ansible configuration for monitoring stack
Contains:
- Production inventory (inventories/production/hosts)
- VictoriaMetrics installation (playbooks/monitoring/install_victoriametrics.yml)
- Vault setup and secrets management (playbooks/vault/)
- Base system configuration (playbooks/infrastructure/)
- Directory structure for monitoring components
2026-02-02 11:22:24 +00:00


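---
# Seeds connection details for the monitoring stack into Vault's KV v2 mount
# (`secret/`) through the HTTP API, then lists the mount to confirm the writes.
#
# No credential is stored in this file. The Vault token and the Grafana admin
# password are read from the controller's environment at run time; both can
# still be overridden with `-e`. The token and password that earlier revisions
# of this file carried in clear text are in the repository history, so they
# should be revoked/rotated rather than reused.
- name: Create monitoring secrets in Vault
  hosts: localhost
  connection: local
  vars:
    # VAULT_ADDR wins when set; the fallback is the original lab address.
    # The fallback is plain HTTP: the token and every secret body cross the
    # network unencrypted until the Vault listener is moved to TLS (https://).
    vault_addr: >-
      {{ lookup('env', 'VAULT_ADDR')
         | default('http://192.168.0.103:8200', true) }}
    vault_token: "{{ lookup('env', 'VAULT_TOKEN') }}"
    # GRAFANA_ADMIN_PASSWORD is the variable name chosen for this playbook.
    grafana_admin_password: "{{ lookup('env', 'GRAFANA_ADMIN_PASSWORD') }}"
  tasks:
    # Fail early with a clear message instead of sending an empty token or
    # writing an empty password into Vault.
    - name: Require credentials from the environment
      assert:
        that:
          - vault_token | length > 0
          - grafana_admin_password | length > 0
        fail_msg: >-
          Set VAULT_TOKEN and GRAFANA_ADMIN_PASSWORD before running this
          playbook.
        quiet: true

    # no_log keeps the X-Vault-Token header and the request body out of
    # Ansible's task output and verbose (-v) logs on every uri task below.
    - name: Create VictoriaMetrics secret
      uri:
        url: "{{ vault_addr }}/v1/secret/data/monitoring/victoriametrics"
        method: POST
        headers:
          X-Vault-Token: "{{ vault_token }}"
          Content-Type: application/json
        body_format: json
        body:
          data:
            host: "192.168.0.104"
            port: "8428"
            url: "http://192.168.0.104:8428"
            retention_days: "30"
            description: "VictoriaMetrics single instance"
      no_log: true

    - name: Create Prometheus secret
      uri:
        url: "{{ vault_addr }}/v1/secret/data/monitoring/prometheus"
        method: POST
        headers:
          X-Vault-Token: "{{ vault_token }}"
          Content-Type: application/json
        body_format: json
        body:
          data:
            host: "192.168.0.105"
            port: "9090"
            scrape_interval: "30s"
      no_log: true

    - name: Create Grafana secret
      uri:
        url: "{{ vault_addr }}/v1/secret/data/monitoring/grafana"
        method: POST
        headers:
          X-Vault-Token: "{{ vault_token }}"
          Content-Type: application/json
        body_format: json
        body:
          data:
            host: "192.168.0.106"
            port: "3000"
            admin_user: "admin"
            # Supplied at run time; never commit the value to the repository.
            admin_password: "{{ grafana_admin_password }}"
      no_log: true

    # Lists the key names at the root of the KV v2 mount; no secret values
    # are returned by the metadata endpoint.
    - name: Verify secrets created
      uri:
        url: "{{ vault_addr }}/v1/secret/metadata"
        method: LIST
        headers:
          X-Vault-Token: "{{ vault_token }}"
        return_content: true
        # Certificate validation stays on so it is enforced as soon as
        # vault_addr points at an https:// listener.
        validate_certs: true
      register: secrets_list
      no_log: true

    # Bracket lookup is required here: in Jinja2 `.data.keys` resolves to the
    # dict method `keys`, not to the "keys" entry of Vault's LIST response.
    - name: Show created secrets
      debug:
        msg: >-
          Secrets in Vault:
          {{ (secrets_list.content | from_json).data['keys'] }}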