aws_secret – Look up secrets stored in AWS Secrets Manager
New in version 2.8.
Synopsis
- Look up secrets stored in AWS Secrets Manager provided the caller has the appropriate permissions to read the secret.
- Lookup is based on the secret’s Name value.
- Optional parameters can be passed into this lookup; version_id and version_stage.
Requirements
The below requirements are needed on the local master node that executes this lookup.
- boto3
- botocore>=1.10.0
Parameters
Parameter | Choices/Defaults | Configuration | Comments |
---|---|---|---|
_terms / required | | | Name of the secret to look up in AWS Secrets Manager. |
aws_access_key / string | | env:EC2_ACCESS_KEY, env:AWS_ACCESS_KEY, env:AWS_ACCESS_KEY_ID | The AWS access key to use. |
aws_profile / string | | env:AWS_DEFAULT_PROFILE, env:AWS_PROFILE | The AWS profile |
aws_secret_key / string | | env:EC2_SECRET_KEY, env:AWS_SECRET_KEY, env:AWS_SECRET_ACCESS_KEY | The AWS secret key that corresponds to the access key. |
aws_security_token / string | | env:EC2_SECURITY_TOKEN, env:AWS_SESSION_TOKEN, env:AWS_SECURITY_TOKEN | The AWS security token if using temporary access and secret keys. |
join / boolean | Default: "no" | | Join two or more entries to form an extended secret. This is useful for overcoming the 4096 character limit imposed by AWS. |
region / string | | env:EC2_REGION, env:AWS_REGION | The region for which to create the connection. |
version_id | | | Version of the secret(s). |
version_stage | | | Stage of the secret version. |
Examples
```yaml
- name: Create RDS instance with aws_secret lookup for password param
  rds:
    command: create
    instance_name: app-db
    db_engine: MySQL
    size: 10
    instance_type: db.m1.small
    username: dbadmin
    password: "{{ lookup('aws_secret', 'DbSecret') }}"
    tags:
      Environment: staging
```
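The optional parameters from the table above used in a play, as an added example that is not from the Ansible documentation. The secret names other than DbSecret, the version UUID, the region and the destination path are constructed placeholders.

```yaml
# Added example: secret names, version UUID, region and dest path are placeholders.
- hosts: localhost
  gather_facts: no
  vars:
    # Default version of the secret, read from an explicitly named region.
    db_password: "{{ lookup('aws_secret', 'DbSecret', region='us-east-1') }}"
    # Previous version, selected by staging label (for example during a rotation).
    db_password_previous: "{{ lookup('aws_secret', 'DbSecret', version_stage='AWSPREVIOUS', region='us-east-1') }}"
    # One exact version, selected by its version ID.
    db_password_pinned: "{{ lookup('aws_secret', 'DbSecret', version_id='00000000-0000-0000-0000-000000000000', region='us-east-1') }}"
    # A value split across two secrets and joined into one extended secret.
    tls_key: "{{ lookup('aws_secret', 'TlsKeyPart1', 'TlsKeyPart2', join=True, region='us-east-1') }}"
  tasks:
    - name: Write the joined key to disk without echoing it in task output
      copy:
        content: "{{ tls_key }}"
        dest: /etc/myapp/tls.key
        mode: "0600"
      # Keep the looked-up value out of task output and logs.
      no_log: true
```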
Return Values
Common return values are documented here; the following are the fields unique to this lookup:
Key | Returned | Description |
---|---|---|
_raw | | Returns the value of the secret stored in AWS Secrets Manager. |
Status
- This lookup is not guaranteed to have a backwards compatible interface. [preview]
- This lookup is maintained by the Ansible Community. [community]
Authors
- Aaron Smith
Hint
Configuration entries for each entry type have a low to high priority order. For example, a variable that is lower in the list will override a variable that is higher up.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.8/plugins/lookup/aws_secret.html