docker_secret - Manage docker secrets.
New in version 2.4.
Synopsis
- Create and remove Docker secrets in a Swarm environment. Similar to
docker secret createanddocker secret rm. - Adds to the metadata of new secrets ‘ansible_key’, an encrypted hash representation of the data, which is then used
- in future runs to test if a secret has changed.
- If ‘ansible_key is not present, then a secret will not be updated unless the
forceoption is set. - Updates to secrets are performed by removing the secret and creating it again.
Requirements (on host that executes module)
- docker-py >= 2.1.0
- Docker API >= 1.25
Options
| parameter | required | default | choices | comments |
|---|---|---|---|---|
| api_version |
no | default provided by docker-py |
The version of the Docker API running on the Docker Host. Defaults to the latest version of the API supported by docker-py.
aliases: docker_api_version
|
|
| cacert_path |
no |
Use a CA certificate when performing server verification by providing the path to a CA certificate file.
aliases: tls_ca_cert
|
||
| cert_path |
no |
Path to the client's TLS certificate file.
aliases: tls_client_cert
|
||
| data |
no |
String. The value of the secret. Required when state is present.
|
||
| docker_host |
no | unix://var/run/docker.sock |
The URL or Unix socket path used to connect to the Docker API. To connect to a remote host, provide the TCP connection string. For example, 'tcp://192.0.2.23:2376'. If TLS is used to encrypt the connection, the module will automatically replace 'tcp' in the connection URL with 'https'.
aliases: docker_url
|
|
| force |
no |
Boolean. Use with state
present to always remove and recreate an existing secret.
If true, an existing secret will be replaced, even if it has not changed.
|
||
| key_path |
no |
Path to the client's TLS key file.
aliases: tls_client_key
|
||
| labels |
no |
A map of key:value meta data, where both the key and value are expected to be a string.
If new meta data is provided, or existing meta data is modified, the secret will be updated by removing it and creating it again.
|
||
| name |
yes |
The name of the secret.
|
||
| ssl_version |
no | 1.0 |
Provide a valid SSL version number. Default value determined by docker-py, currently 1.0.
|
|
| state |
no | present |
|
Set to present, if the secret should exist, and absent, if it should not.
|
| timeout |
no | 60 |
The maximum amount of time in seconds to wait on a response from the API.
|
|
| tls |
no |
Secure the connection to the API by using TLS without verifying the authenticity of the Docker host server.
|
||
| tls_hostname |
no | localhost |
When verifying the authenticity of the Docker Host server, provide the expected name of the server.
|
|
| tls_verify |
no |
Secure the connection to the API by using TLS and verifying the authenticity of the Docker host server.
|
Examples
- name: Create secret foo
docker_secret:
name: foo
data: Hello World!
state: present
- name: Change the secret data
docker_secret:
name: foo
data: Goodnight everyone!
labels:
bar: baz
one: '1'
state: present
- name: Add a new label
docker_secret:
name: foo
data: Goodnight everyone!
labels:
bar: baz
one: '1'
# Adding a new label will cause a remove/create of the secret
two: '2'
state: present
- name: No change
docker_secret:
name: foo
data: Goodnight everyone!
labels:
bar: baz
one: '1'
# Even though 'two' is missing, there is no change to the existing secret
state: present
- name: Update an existing label
docker_secret:
name: foo
data: Goodnight everyone!
labels:
bar: monkey # Changing a label will cause a remove/create of the secret
one: '1'
state: present
- name: Force the removal/creation of the secret
docker_secret:
name: foo
data: Goodnight everyone!
force: yes
state: present
- name: Remove secret foo
docker_secret:
name: foo
state: absent
Return Values
Common return values are documented here Return Values, the following are the fields unique to this module:
| name | description | returned | type | sample |
|---|---|---|---|---|
| secret_id |
The ID assigned by Docker to the secret object.
|
success | string | hzehrmyjigmcp2gb6nlhmjqcv |
Notes
Note
- Connect to the Docker daemon by providing parameters with each task or by defining environment variables. You can define DOCKER_HOST, DOCKER_TLS_HOSTNAME, DOCKER_API_VERSION, DOCKER_CERT_PATH, DOCKER_SSL_VERSION, DOCKER_TLS, DOCKER_TLS_VERIFY and DOCKER_TIMEOUT. If you are using docker machine, run the script shipped with the product that sets up the environment. It will set these variables for you. See https://docker-py.readthedocs.org/en/stable/machine/ for more details.
Status
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.4/docker_secret_module.html