Keeping vaults updated in a dynamic environment with frequent infrastructure changes can be tedious, especially when provision and deprovision are automated. Manual updates are time-consuming and often lead to errors while copy-pasting. This problem grows once everything else is automated.

We’re excited to introduce Termius integration with Ansible. With just a simple playbook, you can automate the import of hosts and groups, ensuring your vault always reflects the latest infrastructure changes. Let's get started with the setup!

Setup Integration

Step 1: Setup API Bridge

To automate host creation with Ansible, first set up Termius API Bridge. Since all the data in your Termius vaults is end-to-end encrypted, we can't provide an API Endpoint that will accept plain text data. API Bridge is a Docker container that you host in your environment. This container provides a REST API that accepts information about your infrastructure, encrypts it locally, and pushes data to your Termius Vault.

API Bridge is available to Team plan and Team trial users.

Step 2: Install Ansible Role

Once API Bridge is running, install Termius Ansible role from Ansible Galaxy using the command:

ansible-galaxy install termius.termius

Step 3: Modify Your Provisioning Playbook

To create a new host in Termius vault, add the role to your provisioning playbook. When you run the playbook, newly provisioned machines will appear in your Termius Vault.

- name: Import Inventory To Termius
  hosts: all
  gather_facts: false
  roles: 
    - role: termius
      vars:
        api_url: <

- name: Import Inventory To Termius
  hosts: all
  gather_facts: false
  roles: 
    - role: termius
      vars:
        api_url: <

- name: Import Inventory To Termius
  hosts: all
  gather_facts: false
  roles: 
    - role: termius
      vars:
        api_url: <

- name: Import Inventory To Termius
  hosts: all
  gather_facts: false
  roles: 
    - role: termius
      vars:
        api_url: <

Replace API_BRIDGE_URL with the address where API Bridge Docker container is running.

Step 4: Modify Your Deprovisioning Playbook

To keep your vault updated when shutting down unused machines, add Termius role at the end of your deprovisioning playbook to remove unused hosts automatically:

- name: Delete host from Termius
  hosts: all
  gather_facts: false
  tasks:
    - include_role:
        name: termius
        tasks_from: delete_termius_host.ansible.yml
        vars:
	        api_url: <

- name: Delete host from Termius
  hosts: all
  gather_facts: false
  tasks:
    - include_role:
        name: termius
        tasks_from: delete_termius_host.ansible.yml
        vars:
	        api_url: <

- name: Delete host from Termius
  hosts: all
  gather_facts: false
  tasks:
    - include_role:
        name: termius
        tasks_from: delete_termius_host.ansible.yml
        vars:
	        api_url: <

- name: Delete host from Termius
  hosts: all
  gather_facts: false
  tasks:
    - include_role:
        name: termius
        tasks_from: delete_termius_host.ansible.yml
        vars:
	        api_url: <

Need help?

Explore the Termius role for comprehensive examples and detailed information. If you face any challenges or want to share feedback, please contact us for assistance.