ansible · ianf77 · Nov 7, 2025 · Nov 3, 2025 · Nov 3, 2025 · Nov 4, 2025
diff --git a/downstream/assemblies/vault-aap/assembly-vault-authenticating.adoc b/downstream/assemblies/vault-aap/assembly-vault-authenticating.adoc
@@ -4,13 +4,9 @@
 
 = Authenticating to `hashicorp.vault`
 
-After you install or migrate to the `hashicorp.vault` collection, authentication is configured in the {PlatformNameShort} user interface:
-
-* An administrator creates a custom credential type to authenticate to {Vault}.
-
-* Users create credentials (based on the credential type) to use with job templates in {PlatformNameShort}.
-
+[role="_abstract"]
 
+After you install or migrate to the `hashicorp.vault` collection, authentication is configured in the {PlatformNameShort} user interface. An administrator creates a custom credential type to authenticate to {Vault}. Users create credentials (based on the credential type) to use with job templates in {PlatformNameShort}.
 
 include::vault-aap/con-vault-authentication-architecture.adoc[leveloffset=+1]
 include::vault-aap/proc-vault-creating-credential-type.adoc[leveloffset=+1]

diff --git a/downstream/assemblies/vault-aap/assembly-vault-introduction.adoc b/downstream/assemblies/vault-aap/assembly-vault-introduction.adoc
@@ -4,6 +4,8 @@
 
 = About the {Vault} integration
 
-The integration of {PlatformName} and {VaultFullName} provides fully automated Key/Value V2 (KV2) secret lifecycle management for {Vault}.
+[role="_abstract"]
+
+The integration of {PlatformName} and {VaultFullName} provides fully automated lifecycle management for {Vault}.
 
 include::vault-aap/con-vault-intro.adoc[leveloffset=+1]
diff --git a/downstream/assemblies/vault-aap/assembly-vault-kv1-modules.adoc b/downstream/assemblies/vault-aap/assembly-vault-kv1-modules.adoc
@@ -0,0 +1,15 @@
+:_mod-docs-content-type: ASSEMBLY
+
+[id="vault-kv1-modules"]
+
+= Configuring KV1 modules
+
+[role="_abstract"]
+
+If you are using KV1 with `community.hashi_vault` collection, configure the corresponding modules in the `hashicorp.vault` collection.
+
+include::vault-aap/proc-vault-configuring-kv1-secret.adoc[leveloffset=+1]
+include::vault-aap/proc-vault-configuring-kv1-secret-info.adoc[leveloffset=+1]
+include::vault-aap/proc-vault-configuring-kv1-secret-get-lookup.adoc[leveloffset=+1]
+include::vault-aap/con-vault-migration-examples-kv1-secret-info.adoc[leveloffset=+1]
+include::vault-aap/con-vault-migration-examples-kv1-secret-get-lookup.adoc[leveloffset=+1]
diff --git a/downstream/assemblies/vault-aap/assembly-vault-kv2-modules.adoc b/downstream/assemblies/vault-aap/assembly-vault-kv2-modules.adoc
@@ -0,0 +1,16 @@
+:_mod-docs-content-type: ASSEMBLY
+
+[id="vault-kv2-modules"]
+
+= Configuring KV2 modules
+
+[role="_abstract"]
+
+If you are using KV2 with `community.hashi_vault` collection, configure the corresponding modules in the `hashicorp.vault` collection.
+
+include::vault-aap/proc-vault-configuring-kv2-secret.adoc[leveloffset=+1]
+include::vault-aap/proc-vault-configuring-kv2-secret-info.adoc[leveloffset=+1]
+include::vault-aap/proc-vault-configuring-kv2-secret-get-lookup.adoc[leveloffset=+1]
+include::vault-aap/con-vault-migration-examples-kv2-secret-module.adoc[leveloffset=+1]
+include::vault-aap/con-vault-migration-examples-kv2-secret-info.adoc[leveloffset=+1]
+include::vault-aap/con-vault-migration-examples-kv2-secret-get-lookup.adoc[leveloffset=+1]
diff --git a/downstream/assemblies/vault-aap/assembly-vault-migrating-from-community.adoc b/downstream/assemblies/vault-aap/assembly-vault-migrating-from-community.adoc
@@ -4,16 +4,9 @@
 
 = Migrating from `community.hashi_vault`
 
-If you are using the `community.hashi_vault` collection, you can migrate your existing playbooks to the `hashicorp.vault` collection.
-
-There are two modules for `hashicorp.vault` that you must configure:
+[role="_abstract"]
 
-* **`hashicorp.vault.kv2_secret`** - A unified module for CRUD operations on KV2 secrets.
-* **`hashicorp.vault.kv2_secret_get lookup`** - A lookup plugin for reading KV2 secrets.
-
-In the following procedures, you will replicate the parameters from the `community.hashi_vault` modules to these required `hashicorp.vault` modules.
+If you are using the `community.hashi_vault` collection, you can migrate your existing playbooks to the `hashicorp.vault` collection.
 
-include::vault-aap/proc-vault-configuring-kv2-secret.adoc[leveloffset=+1]
-include::vault-aap/proc-vault-configuring-kv2-secret-get-lookup.adoc[leveloffset=+1]
-include::vault-aap/con-vault-migration-examples-secret-module.adoc[leveloffset=+1]
-include::vault-aap/con-vault-migration-examples-secret-get-lookup.adoc[leveloffset=+1]
+include::assembly-vault-kv1-modules.adoc[leveloffset=+1]
+include::assembly-vault-kv2-modules.adoc[leveloffset=+1]
diff --git a/downstream/modules/vault-aap/con-vault-authentication-architecture.adoc b/downstream/modules/vault-aap/con-vault-authentication-architecture.adoc
@@ -6,7 +6,9 @@
 
 [role="_abstract"]
 
-The `hashicorp.vault` collection manages authentication through environment variables and client initialization. This approach enhances security by preventing sensitive credentials from being passed directly as module parameters within playbook tasks. Instead, `hashicorp.vault` injects credentials into job templates with environment variables, so you get simpler, cleaner task definitions while ensuring that authentication details remain secure.
+The `hashicorp.vault` collection manages authentication through environment variables and client initialization. This approach enhances security by preventing sensitive credentials from being passed directly as module parameters within playbook tasks.
+
+The `hashicorp.vault` collection injects credentials into job templates with environment variables, so you get simpler, cleaner task definitions while ensuring that authentication details remain secure.
 
 The following authentication types are supported:
 

diff --git a/downstream/modules/vault-aap/con-vault-intro.adoc b/downstream/modules/vault-aap/con-vault-intro.adoc
@@ -6,7 +6,7 @@
 
 [role="_abstract"]
 
-{Vault} lets you centrally store and manage secrets securely. The {PlatformNameShort} certified `hashicorp.vault` collection provides fully automated Key/Value V2 (KV2) secret lifecycle management for {Vault}. You can create, update, and delete secrets through playbooks.
+{Vault} lets you centrally store and manage secrets securely. The {PlatformNameShort} certified `hashicorp.vault` collection provides fully automated Key/Value V1 and V2 (KV1 and KV2) secret lifecycle management for {Vault}. You can create, update, and delete secrets through playbooks.
 
 * **Existing `community.hashi_vault` users:** The `hashicorp.vault` solution is intended to replace unsupported `community.hashi_vault` collection. Use the migration path to keep your existing playbooks. For more information about migrating, see
 link:{URLHashiGuide}/vault-product#vault-migrating-from-community-hashi-vault[Migrating from `community.hashi_vault`].

diff --git a/...tream/modules/vault-aap/con-vault-migration-examples-kv1-secret-get-lookup.adoc b/...tream/modules/vault-aap/con-vault-migration-examples-kv1-secret-get-lookup.adoc
@@ -0,0 +1,28 @@
+:_mod-docs-content-type: CONCEPT
+
+[id="vault-migration-examples-kv1-secret-get-lookup"]
+
+= Migration example for the `hashicorp.vault.kv1_secret_get` lookup
+
+[role="_abstract"]
+
+The following example shows the KV1 secret get lookup.
+
+**Example:**
+
+Before (community.hashi_vault)
+
+----
+- name: Retrieve a secret from the Vault
+  ansible.builtin.debug:
+    msg: "{{ lookup('community.hashi_vault.vault_kv1_get', 'hello', url='https://vault:8201') }}"
+----
+
+After (hashicorp.vault)
+----
+- name: Retrieve a secret from the Vault
+  ansible.builtin.debug:
+    msg: "{{ lookup('hashicorp.vault.kv1_secret_get',
+                    secret='hello',
+                    url='https://myvault_url:8201') }}"
+----
diff --git a/downstream/modules/vault-aap/con-vault-migration-examples-kv1-secret-info.adoc b/downstream/modules/vault-aap/con-vault-migration-examples-kv1-secret-info.adoc
@@ -0,0 +1,34 @@
+:_mod-docs-content-type: CONCEPT
+
+[id="vault-migration-examples-kv1-secret-info"]
+
+= Migration example for the `hashicorp.vault.kv1_secret_info` module
+
+[role="_abstract"]
+
+The following example shows before and after configurations for the `hashicorp.vault.kv1_secret_info` module.
+
+**Example:**
+
+Before (community.hashi_vault)
+
+----
+- name: Read a kv1 secret from Vault (community collection)
+  community.hashi_vault.vault_kv1_get:
+    url: https://vault:8201
+    token: "{{ vault_token }}"
+    path: hello
+  register: response
+
+----
+
+After (hashicorp.vault)
+
+----
+- name: Read a kv1 secret from Vault (hashicorp.vault collection)
+  hashicorp.vault.kv1_secret_info:
+    url: https://vault.example.com:8201
+    token: "{{ vault_token }}"
+    path: sample
+
+----
diff --git a/...migration-examples-secret-get-lookup.adoc → ...ation-examples-kv2-secret-get-lookup.adoc b/...migration-examples-secret-get-lookup.adoc → ...ation-examples-kv2-secret-get-lookup.adoc
@@ -1,13 +1,14 @@
 :_mod-docs-content-type: CONCEPT
 
-[id="vault-migration-examples-secret-get-lookup"]
+[id="vault-migration-examples-kv2-secret-get-lookup"]
 
 = Migration examples for the `hashicorp.vault.kv2_secret_get` lookup
 
 [role="_abstract"]
 
-.Example: KV2 secret lookup - latest version
-[example]
+The following example shows the KV2 secret get lookup for retrieving the latest version.
+
+**Example:** 
 
 Before (`community.hashi_vault`)
 

diff --git a/downstream/modules/vault-aap/con-vault-migration-examples-kv2-secret-info.adoc b/downstream/modules/vault-aap/con-vault-migration-examples-kv2-secret-info.adoc
@@ -0,0 +1,53 @@
+:_mod-docs-content-type: CONCEPT
+
+[id="vault-migration-examples-kv2-secret-info"]
+
+= Migration examples for the `hashicorp.vault.kv2_secret_info` module
+
+[role="_abstract"]
+
+The following examples show before and after configurations for the `hashicorp.vault.kv2_secret_info` module.
+
+**Example 1: Read a secret with token authentication**
+
+Before (community.hashi_vault)
+
+----
+- name: Read the latest version of a kv2 secret from Vault  community.hashi_vault.vault_kv2_get:
+    url: https://vault.example.com:8200
+    token: "{{ vault_token }}"
+    path: myapp/config
+  register: response
+----
+
+After (hashicorp.vault)
+
+----
+- name: Read a secret with token authentication
+  hashicorp.vault.kv2_secret_info:
+    url: https://vault.example.com:8200
+    token: "{{ vault_token }}"
+    path: myapp/config
+----
+
+**Example 2: Read a secret with a specific version**
+
+Before (community.hashi.vault)
+
+----
+- name: Read version 5 of a secret from kv2
+  community.hashi_vault.vault_kv2_get:
+    url: https://vault.example.com:8200
+    path: myapp/config
+    version: 5
+----
+
+After (hashicorp.vault)
+
+----
+- name: Read a secret with a specific version
+  hashicorp.vault.kv2_secret_info:
+    url: https://vault.example.com:8200
+    path: myapp/config
+    version: 1
+----
diff --git a/...ult-migration-examples-secret-module.adoc → ...migration-examples-kv2-secret-module.adoc b/...ult-migration-examples-secret-module.adoc → ...migration-examples-kv2-secret-module.adoc
@@ -1,15 +1,20 @@
 :_mod-docs-content-type: CONCEPT
 
-[id="vault-migration-examples-secret-module"]
+[id="vault-migration-examples-kv2-secret-module"]
 
 = Migration examples for the `hashicorp.vault.kv2_secret` module
 
 [role="_abstract"]
 
 The following examples show basic before and after configurations for the `hashicorp.vault.kv2_secret` module.
 
-.Example: Basic Secret Write/Create
-[example]
+[NOTE]
+====
+KV2 link:https://developer.hashicorp.com/vault/docs/secrets/kv/kv-v2/cookbook/delete-data[delete operations] are `soft-delete`.
+====
+
+**Example 1: Basic Secret Write/Create**
+
 Before (`community.hashi_vault`):
 
 ----
@@ -32,8 +37,8 @@ After (`hashicorp.vault`):
       foo: bar
 ----
 
-.Example 2: Basic Secret Delete
-[example]
+**Example 2: Basic Secret Delete**
+
 Before (`community.hashi_vault`):
 
 ----
@@ -53,8 +58,8 @@ After (`hashicorp.vault`):
     state: absent
 ----
 
-.Example 3: Secret Delete - specific version
-[example]
+**Example 3: Secret Delete - specific version**
+
 Before (`community.hashi_vault`):
 
 ----

diff --git a/downstream/modules/vault-aap/proc-vault-configuring-kv1-secret-get-lookup.adoc b/downstream/modules/vault-aap/proc-vault-configuring-kv1-secret-get-lookup.adoc
@@ -0,0 +1,47 @@
+:_mod-docs-content-type: PROCEDURE
+
+[id="vault-configuring-kv1-secret-get-lookup"]
+
+= Configuring the `hashicorp.vault.kv1_secret_get` lookup plugin
+
+[role="_abstract"]
+
+The `hashicorp.vault.kv1_secret_get` lookup plugin module reads KV1 secrets.
+
+The corresponding `community.hashi_vault` modules are:
+
+* **`community.hashi_vault.hashi_vault`:** Retrieves secrets from HashiCorp Vault.
+* **`community.hashi_vault.vault_kv1_get lookup`:** Gets secrets from the HashiCorp Vault KV version 1 secret store.
+
+.Procedure
+. Replicate `the community.hashi_vault` modules to the following `hashicorp.vault.kv1_secret_get` parameters.
++
+----
+auth_method:
+  description: Authentication method to use.
+  choices: ['token', 'approle']
+  default: token
+  type: str
+engine_mount_point:
+  description:
+    - The KV secrets engine mount point.
+  default: secret
+  type: str
+  aliases: ['mount_point', 'secret_mount_path']
+secret:
+  description:
+    - The Vault path to the secret being requested.
+  required: true
+  type: str
+  aliases: ['secret_path']
+----
+. (Required) Configure the secret parameter. This maps to secret in the `community.hashi_vault.hashi_vault` modules. *Alias:* `secret_path`
+. If needed, configure the link:https://console.redhat.com/ansible/automation-hub/repo/published/hashicorp/vault/docs/[optional parameters].
+
+.Next step
+
+* {URLHashiGuide}/vault-product#vault-creating-a-credential-type[Creating a credential type]
+
+[role="_additional-resources"]
+.Additional resources
+ * link:{URLHashiGuide}/vault-product#vault-migration-examples-kv1-secret-get-lookup[Migration examples for the `hashicorp.vault.kv1_secret_get` lookup plugin].
diff --git a/downstream/modules/vault-aap/proc-vault-configuring-kv1-secret-info.adoc b/downstream/modules/vault-aap/proc-vault-configuring-kv1-secret-info.adoc
@@ -0,0 +1,46 @@
+:_mod-docs-content-type: PROCEDURE
+
+[id="vault-configuring-kv1-secret-info"]
+
+= Configuring the `hashicorp.vault.kv1_secret_info` module
+
+[role="_abstract"]
+
+The `hashicorp.vault.kv1_secret_info` module reads KV1 secrets.
+
+The corresponding community.hashi_vault modules are:
+
+* **`community.hashi_vault.vault_kv1_get`:** Retrieves secrets from the HashiCorp Vault KV version 1 secret store.
+* **`community.hashi_vault.vault_kv1_get lookup`:** Retrieves secrets from the HashiCorp Vault KV version 1 secret store.
+
+.Procedure
+
+. Replicate the `community.hashi_vault modules` to the following `hashicorp.vault.kv1_secret_secret_info` parameters.
++
+----
+  engine_mount_point:
+    description: KV secrets engine mount point.
+    default: secret
+    type: str
+    aliases: [secret_mount_path]
+  path:
+    description:
+      - Specifies the path of the secret.
+    required: true
+    type: str
+    aliases: [secret_path]
+extends_documentation_fragment:
+  - hashicorp.vault.vault_auth.modules
+----
+
+. (Required) Configure the `path` parameter. This is 
+the path to the secret in the `community.hashi_vault.hashi_vault` modules. *Alias:* `secret_path`
+. If needed, configure the link:https://console.redhat.com/ansible/automation-hub/repo/published/hashicorp/vault/docs/[optional parameters].
+
+.Next step
+
+* link:{URLHashiGuide}/vault-product#vault-configuring-kv1-secret-get-lookup[Configuring the `hashicorp.vault.kv1_secret_get` lookup plugin].
+
+[role="_additional-resources"]
+.Additional resources
+* link:{URLHashiGuide}/vault-product#vault-migration-examples-kv1-secret-info[Migration examples for the `hashicorp.vault.kv1_secret_info` module].
diff --git a/downstream/modules/vault-aap/proc-vault-configuring-kv1-secret.adoc b/downstream/modules/vault-aap/proc-vault-configuring-kv1-secret.adoc
@@ -0,0 +1,9 @@
+:_mod-docs-content-type: PROCEDURE
+
+[id="vault-configuring-kv1-secret"]
+
+= Configuring the `hashicorp.vault.kv1_secret` module
+
+[role="_abstract"]
+
+Configuring this module is not required for migration because there are no corresponding modules in `community.hashi_vault`. However, you might want to configure something other than the defaults for `auth_method` and `state` after the migration. You can use the examples on {HubNameMain} for reference.