community.general.credstash – retrieve secrets from Credstash on AWS


Note

This plugin is part of the community.general collection (version 1.3.2).

To install it use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.credstash.


Synopsis

Requirements

The below requirements are needed on the local controller node that executes this lookup.

  • credstash (python library)

Parameters

| Parameter | Choices/Defaults | Configuration | Comments |
|---|---|---|---|
| _terms (list / elements=string / required) | | | term or list of terms to look up in the credential store |
| aws_access_key_id (string) | | env:AWS_ACCESS_KEY_ID | AWS access key ID |
| aws_secret_access_key (string) | | env:AWS_SECRET_ACCESS_KEY | AWS secret access key |
| aws_session_token (string) | | env:AWS_SESSION_TOKEN | AWS session token |
| profile_name (string) | | env:AWS_PROFILE | AWS profile to use for authentication |
| region (string) | | | AWS region |
| table (string / required) | Default: "credential-store" | | name of the credstash table to query |
| version (string) | | | Credstash version |



Examples

- name: first use credstash to store your secrets
  ansible.builtin.shell: credstash put my-github-password secure123

- name: "Test credstash lookup plugin -- get my github password"
  ansible.builtin.debug:
    msg: "Credstash lookup! {{ lookup('community.general.credstash', 'my-github-password') }}"

- name: "Test credstash lookup plugin -- get my other password from us-west-1"
  ansible.builtin.debug:
    msg: "Credstash lookup! {{ lookup('community.general.credstash', 'my-other-password', region='us-west-1') }}"

- name: "Test credstash lookup plugin -- get the company's github password"
  ansible.builtin.debug:
    msg: "Credstash lookup! {{ lookup('community.general.credstash', 'company-github-password', table='company-passwords') }}"

- name: Example play using the 'context' feature
  hosts: localhost
  vars:
    context:
      app: my_app
      environment: production
  tasks:

  - name: "Test credstash lookup plugin -- get the password with a context passed as a variable"
    ansible.builtin.debug:
      msg: "{{ lookup('community.general.credstash', 'some-password', context=context) }}"

  - name: "Test credstash lookup plugin -- get the password with a context defined here"
    ansible.builtin.debug:
      msg: "{{ lookup('community.general.credstash', 'some-password', context=dict(app='my_app', environment='production')) }}"
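
An added example, not part of the collection's documentation: a play that hands the looked-up secret to a task with no_log set, rather than printing it with debug as the test tasks above do. The host group app_servers, the secret name, the AWS profile deploy and the destination path are assumptions.

```yaml
# Added example. Assumed names: inventory group 'app_servers', secret
# 'my_app-db-password', AWS profile 'deploy', file /etc/my_app/db.env.
- name: Consume a Credstash secret without echoing it
  hosts: app_servers
  vars:
    credstash_context:
      app: my_app
      environment: production
    # The lookup runs on the controller, so credstash and the AWS
    # credentials are needed there and not on the managed hosts.
    db_password: >-
      {{ lookup('community.general.credstash', 'my_app-db-password',
      table='company-passwords', region='us-west-1',
      profile_name='deploy', context=credstash_context) }}
  tasks:

  - name: Write the database credentials file
    ansible.builtin.copy:
      dest: /etc/my_app/db.env
      content: "DB_PASSWORD={{ db_password }}\n"
      owner: root
      group: root
      mode: "0600"
    # Keeps the rendered secret out of task output and logs.
    no_log: true
```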

Return Values

Common return values are documented here; the following are the fields unique to this lookup:

| Key | Returned | Description |
|---|---|---|
| _raw (string) | success | Value(s) stored in Credstash. |





Authors

  • Unknown (!UNKNOWN)

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/community/general/credstash_lookup.html