aws_secret – Look up secrets stored in AWS Secrets Manager


New in version 2.8.


Synopsis

  • Look up secrets stored in AWS Secrets Manager provided the caller has the appropriate permissions to read the secret.
  • Lookup is based on the secret’s Name value.
  • Optional parameters can be passed into this lookup: version_id and version_stage.

Requirements

The requirements below are needed on the local master node that executes this lookup.

  • boto3
  • botocore>=1.10.0

Parameters

_terms (required)
    Name of the secret to look up in AWS Secrets Manager.

aws_access_key (string)
    Configuration: env:EC2_ACCESS_KEY, env:AWS_ACCESS_KEY, env:AWS_ACCESS_KEY_ID
    The AWS access key to use.
    aliases: aws_access_key_id

aws_profile (string)
    Configuration: env:AWS_DEFAULT_PROFILE, env:AWS_PROFILE
    The AWS profile
    aliases: boto_profile

aws_secret_key (string)
    Configuration: env:EC2_SECRET_KEY, env:AWS_SECRET_KEY, env:AWS_SECRET_ACCESS_KEY
    The AWS secret key that corresponds to the access key.
    aliases: aws_secret_access_key

aws_security_token (string)
    Configuration: env:EC2_SECURITY_TOKEN, env:AWS_SESSION_TOKEN, env:AWS_SECURITY_TOKEN
    The AWS security token if using temporary access and secret keys.

join (boolean)
    Default: "no"
    Join two or more entries to form an extended secret.
    This is useful for overcoming the 4096 character limit imposed by AWS.

region (string)
    Configuration: env:EC2_REGION, env:AWS_REGION
    The region for which to create the connection.

version_id
    Version of the secret(s).

version_stage
    Stage of the secret version.



Examples

- name: Create RDS instance with aws_secret lookup for password param
  rds:
    command: create
    instance_name: app-db
    db_engine: MySQL
    size: 10
    instance_type: db.m1.small
    username: dbadmin
    password: "{{ lookup('aws_secret', 'DbSecret') }}"
    tags:
      Environment: staging
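
The playbook below is an added example, not part of the original Ansible documentation. It shows the version_stage and join parameters passed as keyword arguments, with no_log set so the returned secret stays out of task output. The secret names tls-key-part1 and tls-key-part2, the region value and the destination path are hypothetical.

```yaml
# Added example; names marked "hypothetical" are assumptions, not taken from the plugin docs.
- hosts: localhost
  gather_facts: false
  tasks:
    - name: Read the previous version of DbSecret by staging label
      set_fact:
        old_db_password: "{{ lookup('aws_secret', 'DbSecret', version_stage='AWSPREVIOUS', region='us-east-1') }}"
      no_log: true   # keep the secret value out of task output and logs

    - name: Reassemble a secret stored as two entries (hypothetical names)
      copy:
        # With join enabled, the listed entries are returned as one extended secret.
        content: "{{ lookup('aws_secret', 'tls-key-part1', 'tls-key-part2', join=True, region='us-east-1') }}"
        dest: /etc/app/tls.key   # hypothetical path
        owner: root
        mode: "0600"             # readable by the owner only
      no_log: true
```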

Return Values

Common return values are documented here; the following are the fields unique to this lookup:

_raw
    Returns the value of the secret stored in AWS Secrets Manager.






Hint

Configuration entries for each entry type have a low to high priority order. For example, a variable that is lower in the list will override a variable that is higher up.


© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.8/plugins/lookup/aws_secret.html