
toying with the idea of calling hashicorp after the playbook runs

aeth vor 9 Monaten
Ursprung
Commit
b17cc2c2e1

+ 4 - 1
playbook_configure_machine.yml

@@ -22,6 +22,9 @@
     - name: "20: SYSTEM CONFIGURATION"
       ansible.builtin.include_tasks: "tasks/tasks_machine_configuration.yml"
 
+    - name: "30: POST PLAYBOOK HOOK"
+      ansible.builtin.include_tasks: "tasks/tasks_upload_wireguard_server_keys.yml"
+
     - name: "debug"
       ansible.builtin.debug:
-        msg: "Public Key: {{ vpn_public_key_content }}\nPrivate Key: {{ vpn_private_key_content }}"
+        msg: "Public Key: {{ vpn_public_key_content }}\nPrivate Key: {{ vpn_private_key_content }}"
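Review bot: The `debug` task kept at the end of the play still writes `vpn_private_key_content` to the playbook output, so the WireGuard private key ends up in every terminal scrollback and CI log this playbook runs in; since this commit already touches that line (whitespace only), drop the private key from the message, e.g. `msg: "Public Key: {{ vpn_public_key_content }}"`, or remove the task entirely (`no_log: true` on a debug task would just blank it). The new `30: POST PLAYBOOK HOOK` include also runs unconditionally, and the included file builds its path from `secrets_provider`, so the play will apparently error out when that variable is unset; if the hook is meant to be optional, add `when: secrets_provider is defined` to the include. The play's `tasks` list starts before this hunk.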

+ 4 - 0
tasks/tasks_upload_wireguard_server_keys.yml

@@ -0,0 +1,4 @@
+
+---
+- name: "00: Determine Variable Validation task set"
+  ansible.builtin.include_tasks: "tasks/tasks_upload_wireguard_server_keys/{{ secrets_provider }}/tasks_upload_wireguard_server_keys.yml"
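Review bot: The task name `00: Determine Variable Validation task set` does not describe what this task does, which is to dispatch to the provider-specific key-upload task file; rename it, e.g. `- name: "00: Include the {{ secrets_provider }} wireguard key upload task set"`. Because `secrets_provider` is spliced straight into a file path, an unexpected value yields at best an unhelpful "file not found" failure; an `ansible.builtin.assert` that `secrets_provider in ['hashicorp']` with a clear `fail_msg`, placed before the include, makes the supported providers explicit and keeps the include from resolving to an arbitrary relative path. The blank line before `---` should also go, since the document-start marker is conventionally the first line of the file.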

+ 13 - 0
tasks/tasks_upload_wireguard_server_keys/hashicorp/tasks_upload_wireguard_server_keys.yml

@@ -0,0 +1,13 @@
+- name: "00: Upload the wireguard public and private keys to Hashicorp vault"
+  delegate_to: "127.0.0.1"
+  ansible.builtin.uri:
+    url: "https://{{ lookup('ansible.builtin.env', 'SECRETS_PROVIDER_URL') }}/v1/secret/data/WG_SERVER_KEYPAIR"
+    method: "POST"
+    body_format: "json"
+    headers:
+       Authorization: "Bearer {{ lookup('ansible.builtin.env', 'SECRETS_PROVIDER_API_KEY')}}"
+    body:
+      data:
+        public: "{{ lookup('ansible.builtin.env', 'WG_SERVER_PUBLIC_KEY')}}"
+        private: "{{ lookup('ansible.builtin.env', 'WG_SERVER_PRIVATE_KEY')}}"
+        type: "wireguard"
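Review bot: The `uri` task posts the WireGuard private key in its body and carries the Vault token in the `Authorization` header, yet has no `no_log: true`, so any run with `-v` or a logging callback records the full module arguments — token and private key included — in the output; add `no_log: true` at task level next to `delegate_to`. The key material is read from `WG_SERVER_PUBLIC_KEY`/`WG_SERVER_PRIVATE_KEY` in the controller's environment rather than from the `vpn_public_key_content`/`vpn_private_key_content` variables the playbook already holds, so what reaches Vault may not be the key pair just configured on the host — confirm that is intended, or pass those variables in instead. The `Authorization` key is indented seven spaces under `headers:` while the rest of the file uses two; align it to two. The file also lacks the `---` document-start line used by the sibling task file.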