mirror of https://github.com/ansible/ansible.git
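# Sidecar documentation for the `vault` filter: it takes the input data and a
# vault secret and returns the data as an Ansible Vault string.
DOCUMENTATION:
  name: vault
  author: Brian Coca (@bcoca)
  version_added: "2.12"
  short_description: vault your secrets
  description:
    - Put your information into an encrypted Ansible Vault
  # The first positional argument after the piped input is the vault secret.
  positional: secret
  options:
    _input:
      description: data to vault
      type: string
      required: true
    secret:
      description: Vault secret, the key that lets you open the vault
      type: string
      required: true
    # NOTE(review): in the AES256 vault format the salt feeds the key
    # derivation that produces the cipher key, the HMAC key and the counter
    # IV, so the same secret with the same salt would yield the same keystream
    # for every value it encrypts. Confirm against the vault implementation
    # before supplying a fixed salt, and do not share one salt across
    # different data.
    salt:
      description:
        - Encryption salt, will be random if not provided
        - While providing one makes the resulting encrypted string reproducible, it can lower the security of the vault
      type: string
    vault_id:
      description: Secret identifier, used internally to try to best match a secret when multiple are provided
      type: string
      default: 'filter_default'
    wrap_object:
      description:
        - This toggle can force the return of an C(AnsibleVaultEncryptedUnicode) string object, when C(False), you get a simple string
        - Mostly useful when combining with the C(to_yaml) filter to output the 'inline vault' format.
      type: bool
      # Canonical lowercase boolean; `False` is typed differently by YAML 1.1
      # and 1.2 loaders.
      default: false

EXAMPLES: |
  # simply encrypt my key in a vault
  # (no trailing space inside the quotes: it would be appended to the vault text)
  vars:
    myvaultedkey: "{{ keyrawdata|vault(passphrase) }}"

  # A salt seeded from inventory_hostname is the same on every run for a given
  # host. That keeps the rendered file unchanged between runs, but the salt is
  # predictable, so use it for one value only and prefer the default random
  # salt when reproducibility is not required.
  # The parentheses matter: Jinja2 applies a filter before `**`, so the
  # unparenthesised form computes 2 ** (256|random) and yields one of only
  # 256 possible salts.
  - name: save templated vaulted data
    template:
      src: dump_template_data.j2
      dest: /some/key/vault.txt
    vars:
      mysalt: '{{ (2**256)|random(seed=inventory_hostname) }}'
      template_data: '{{ secretdata|vault(vaultsecret, salt=mysalt) }}'

RETURN:
  _value:
    description: The vault string that contains the secret data (or AnsibleVaultEncryptedUnicode string object)
    type: string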