kubespray/roles/vault/tasks/shared/gen_userpass.yml

---
- name: shared/gen_userpass | Create the Username/Password combo for the role
  hashivault_userpass_create:
    url: "{{ vault_leader_url }}"
    token: "{{ vault_root_token }}"
    ca_cert: "{{ vault_cert_dir }}/ca.pem"
    name: "{{ gen_userpass_username }}"
    pass: "{{ gen_userpass_password }}"
    policies:
      - "{{ gen_userpass_role }}"
  run_once: true

- name: shared/gen_userpass | Ensure destination directory exists
  file:
    path: "{{ vault_roles_dir }}/{{ gen_userpass_role }}"
    state: directory

- name: shared/gen_userpass | Copy credentials to all hosts in the group
  copy:
    content: >
             {{
             {'username': gen_userpass_username,
              'password': gen_userpass_password} | to_nice_json(indent=4)
             }}
    dest: "{{ vault_roles_dir }}/{{ gen_userpass_role }}/userpass"