Feature Request
Resolution: Obsolete
Normal
None
2.4
False
False
1) What is the nature and description of the request?
-> It would be beneficial to have better integration between AAP and Vault to simplify the process of Ansible playbooks fetching secrets from Vault. Multiple solutions are possible, but one example would be to establish a trust relationship with AAP and use JWTs in the execution environment that are signed by AAP and contain information such as template name, ID, inventory, caller, etc. This JWT can then be sent to Vault, allowing users to define new bound claims based on the information in the JWT to access specific secrets.
For example, once the trust is set up, to provide access to a secret in Vault for a new combination of template, user, and inventory in AAP, the user would only need to define a bound claim in Vault like this:
template_name: mytemplate
template_id: 1234
organization: myorg
inventory: myinventory
user/group: mygroup
<any other options if needed>
This configuration grants read access to secret: mysecrets/myproject/admin
This approach would greatly simplify and reduce the overhead and complexity of having Ansible playbooks fetch secrets from Vault.
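To make the proposed flow concrete, the following is an added example (not code from the request, from AAP, or from Vault) that mirrors the two halves of the design: AAP signing a JWT that carries the execution-environment claims listed above, and Vault verifying the signature and checking every bound claim before releasing a policy. The shared HS256 key, the issuer and subject values, the `groups` claim name, the role name `myproject-admin-reader` and the policy string are all constructed assumptions; Vault's real JWT auth method does its own verification and bound-claim matching, which this only imitates.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed shared key standing in for whatever AAP and Vault would trust
# (hypothetical; the request only says tokens are "signed by AAP").
SIGNING_KEY = b"constructed-demo-key-not-for-real-use"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(claims: dict, key: bytes = SIGNING_KEY) -> str:
    """AAP side: build a compact HS256 JWT carrying the job's claims."""
    header = {"alg": "HS256", "typ": "JWT"}
    compact = lambda obj: json.dumps(obj, separators=(",", ":")).encode()
    signing_input = f"{b64url(compact(header))}.{b64url(compact(claims))}"
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(sig)}"


def verify_token(token: str, key: bytes = SIGNING_KEY, now=None) -> dict:
    """Vault side: check structure, alg, signature and expiry; fail closed."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    header = json.loads(b64url_decode(h))
    if header.get("alg") != "HS256":          # never trust the token's own alg choice
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p))
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:          # a missing exp is treated as expired
        raise ValueError("token expired")
    return claims


# Vault-style role: every bound claim must match, mirroring the request's example.
ROLES = {
    "myproject-admin-reader": {                     # hypothetical role name
        "bound_claims": {
            "template_name": "mytemplate",
            "template_id": 1234,
            "organization": "myorg",
            "inventory": "myinventory",
            "groups": ["mygroup"],                   # assumed claim name for user/group
        },
        "policies": ["read:mysecrets/myproject/admin"],   # constructed policy label
    }
}


def claim_matches(bound, actual) -> bool:
    """A claim matches when any bound value equals any actual value."""
    bound_set = set(bound) if isinstance(bound, list) else {bound}
    actual_set = set(actual) if isinstance(actual, list) else {actual}
    return bool(bound_set & actual_set)


def authorize(token: str, role_name: str, roles=ROLES, key=SIGNING_KEY, now=None) -> list:
    """Return the policies granted for the role, or [] on any failure."""
    role = roles.get(role_name)
    if role is None:
        return []
    try:
        claims = verify_token(token, key, now)
    except ValueError:
        return []
    for name, bound in role["bound_claims"].items():
        if name not in claims or not claim_matches(bound, claims[name]):
            return []
    return list(role["policies"])


# Constructed sample of what AAP might put in the token for one job run.
SAMPLE_CLAIMS = {
    "iss": "aap.example.invalid", "sub": "job-42",
    "template_name": "mytemplate", "template_id": 1234,
    "organization": "myorg", "inventory": "myinventory",
    "groups": ["mygroup", "developers"], "exp": 2_000_000_000,
}

if __name__ == "__main__":
    print(authorize(issue_token(SAMPLE_CLAIMS), "myproject-admin-reader"))
```

The useful property to notice is that a single changed claim (a different inventory, a job launched by a user outside `mygroup`), a token signed with another key, or an expired token all collapse to the same empty result, so granting access to a new template/user/inventory combination is purely a matter of adding a role, exactly as the request describes.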
2) Why does the customer need this?
-> It would drastically reduce the overhead of managing secrets and improve overall security, as it would make it easier to grant granular access to secrets stored in a secret management tool like Vault.
Duplicates: AAPRFE-1645 Ability to use AAP OIDC for authentication by 3rd party (e.g. Hashi Vault)
Backlog