community.general.passwordstore – manage passwords with passwordstore.org’s pass utility
Note
This plugin is part of the community.general collection (version 1.3.2).
To install it use: ansible-galaxy collection install community.general.
To use it in a playbook, specify: community.general.passwordstore.
Synopsis
- Enables Ansible to retrieve, create or update passwords from the passwordstore.org pass utility. It also retrieves YAML-style keys stored on multiple lines in the password file.
Parameters
Parameter | Choices/Defaults | Configuration | Comments |
---|---|---|---|
_terms (string / required) | | | Query key. |
backup (boolean) | | | Used with overwrite=yes. Back up the previous password in a subkey. |
create (boolean) | | | Create the password if it does not already exist. |
directory (string) | | env:PASSWORD_STORE_DIR | The directory of the password store. |
length (integer) | Default: 16 | | The length of the generated password. |
nosymbols (boolean) | | | Use alphanumeric characters. |
overwrite (boolean) | | | Overwrite the password if it does already exist. |
passwordstore (string) | Default: "~/.password-store" | | Location of the password store. |
returnall (boolean) | | | Return all the content of the password, not only the first line. |
subkey (string) | Default: "password" | | Return a specific subkey of the password. When set to password, always returns the first line. |
umask (string; added in 1.3.0 of community.general) | | env:PASSWORD_STORE_UMASK | Sets the umask for the created .gpg files. The first octet must be greater than 3 (user readable). Note pass' default value is '077'. |
userpass (string) | | | Specify a password to save, instead of a generated one. |
Examples
```yaml
# Debug is used for examples, BAD IDEA to show passwords on screen
- name: Basic lookup. Fails if example/test doesn't exist
  ansible.builtin.debug:
    msg: "{{ lookup('community.general.passwordstore', 'example/test')}}"

- name: Create pass with random 16 character password. If password exists just give the password
  ansible.builtin.debug:
    var: mypassword
  vars:
    mypassword: "{{ lookup('community.general.passwordstore', 'example/test create=true')}}"

- name: Different size password
  ansible.builtin.debug:
    msg: "{{ lookup('community.general.passwordstore', 'example/test create=true length=42')}}"

- name: Create password and overwrite the password if it exists. As a bonus, this module includes the old password inside the pass file
  ansible.builtin.debug:
    msg: "{{ lookup('community.general.passwordstore', 'example/test create=true overwrite=true')}}"

- name: Create an alphanumeric password
  ansible.builtin.debug:
    msg: "{{ lookup('community.general.passwordstore', 'example/test create=true nosymbols=true') }}"

- name: Return the value for user in the KV pair user, username
  ansible.builtin.debug:
    msg: "{{ lookup('community.general.passwordstore', 'example/test subkey=user')}}"

- name: Return the entire password file content
  ansible.builtin.set_fact:
    passfilecontent: "{{ lookup('community.general.passwordstore', 'example/test returnall=true')}}"
```
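The examples above print the secret with debug. As an added example (not part of the collection's documentation), the play below consumes the looked-up password under no_log and resolves it once with set_fact, so that a rotation with overwrite and backup happens a single time per run. The inventory group, entry path, rotate variable and destination file are assumptions.

```yaml
# Added example. The inventory group, entry path, rotate variable and
# destination file are hypothetical; the lookup options are the documented ones.
- name: Consume a passwordstore secret without printing it
  hosts: appservers
  become: true
  vars:
    rotate: false                      # pass -e rotate=true to force a new password
    entry: example/svc-deploy
    opts: "create=true length=32 nosymbols=true{{ ' overwrite=true backup=true' if rotate | bool else '' }}"
  tasks:
    - name: Resolve the password once per run
      ansible.builtin.set_fact:
        # A var holding a lookup is re-evaluated on every reference; with
        # overwrite=true each reference would generate another password.
        # set_fact stores the rendered value instead.
        svc_password: "{{ lookup('community.general.passwordstore', entry ~ ' ' ~ opts) }}"
      run_once: true                   # one lookup, result shared by all hosts in the batch
      no_log: true                     # keep the value out of task output and logs

    - name: Write the credential file
      ansible.builtin.copy:
        dest: /etc/svc-deploy.conf
        content: "password={{ svc_password }}\n"
        owner: root
        group: root
        mode: "0600"
      no_log: true                     # the task result, diff included, is censored
```

The lookup itself runs on the control node, so the password store and its GPG key never need to exist on the managed hosts.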
Return Values
Common return values are documented here; the following are the fields unique to this lookup:
Key | Returned | Description |
---|---|---|
_raw (list / elements=string) | success | a password |
Authors
- Patrick Deelman <patrick@patrickdeelman.nl>
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/community/general/passwordstore_lookup.html