fix: retrieve vault entries by ID to ensure permission for secret access (#9)

DannyBedard · web-flow · commit 2f99cbe00975 · 2025-01-06T14:24:10.000-05:00
diff --git a/.github/workflows/galaxy_publish.yml b/.github/workflows/galaxy_publish.yml
@@ -2,6 +2,7 @@ name: Publish to Ansible Galaxy
 
 on:
   release:
+    types: published
   workflow_dispatch:
 
 jobs:
diff --git a/README.md b/README.md
@@ -89,7 +89,7 @@ Use the following playbook to authenticate with DVLS and fetch every secrets fro
     server_base_url: "https://example.yourcompany.com"
     app_key: "{{ lookup('env', 'DVLS_APP_KEY') }}"
     app_secret: "{{ lookup('env', 'DVLS_APP_SECRET') }}"
-    register: server
+  register: server
 
 - name: Fetch URI
   debug:
diff --git a/galaxy.yml b/galaxy.yml
@@ -1,6 +1,6 @@
 namespace: devolutions
 name: dvls
-version: 1.1.0
+version: 1.1.1
 readme: README.md
 authors:
 - Danny Bédard <devops@devolutions.net>
diff --git a/plugins/modules/fetch_secrets.py b/plugins/modules/fetch_secrets.py
@@ -145,8 +145,9 @@ def run_module():
                     entry = get_vault_entry(server_base_url, token, vault_id, secret_id)
                     fetched_secrets[secret_name] = entry['data']
         else:
-            for entry in entries:
-                entry_name = entry['name']
+            for secret in entries:
+                entry_name = secret['name']
+                entry = get_vault_entry(server_base_url, token, vault_id, secret['id'])
                 fetched_secrets[entry_name] = entry['data']
 
         result = fetched_secrets
