With AWX and Ansible Tower, I know you can use HashiCorp Vault to manage the passwords that you use inside your playbooks. For instance, if you want to configure some network devices, the credentials for accessing these devices could reside in the Vault.
Has anybody used AWX/Tower with database passwords stored in HashiCorp Vault? By default, the Postgres password is stored in a file in the file system, if I am not mistaken.
This article, however, suggests that the passwords could be stored in the Vault such that Tower/AWX would only get short-lived credentials to access the database: https://www.arctiq.ca/our-blog/2019/9/20/configuring-hashicorp-vault-to-generate-dynamic-postgresql-credentials/
Please can you share your experience with this architecture?