ansible.builtin.password (v2.6.0) — lookup

retrieve or generate a random password, stored in a file

Added in version 1.1 of ansible.builtin

Authors: Daniel Hokka Zakrisson <daniel@hozac.com>, Javier Candeira <javier@candeira.com>, Maykel Moya <mmoya@speedyrails.com>

Install Ansible via pip

Install with pip install ansible==2.6.0

Description

Generates a random plaintext password and stores it in a file at a given filepath.

If the file already exists, the lookup retrieves its contents, behaving just like with_file.

Variables such as "{{ inventory_hostname }}" can be used in the filepath to set up random passwords per host, which simplifies password management in "host_vars" variables.

A special case is using /dev/null as a path. The password lookup will generate a new random password each time, but will not write it to /dev/null. This can be used when you need a password without storing it on the controller.

Usage examples

- name: create a mysql user with a random password
  mysql_user:
    name: "{{ client }}"
    password: "{{ lookup('password', 'credentials/' + client + '/' + tier + '/' + role + '/mysqlpassword length=15') }}"
    priv: "{{ client }}_{{ tier }}_{{ role }}.*:ALL"
- name: create a mysql user with a random password using only ascii letters
  mysql_user: name={{ client }} password="{{ lookup('password', '/tmp/passwordfile chars=ascii_letters') }}" priv='{{ client }}_{{ tier }}_{{ role }}.*:ALL'
- name: create a mysql user with a random password using only digits
  mysql_user:
    name: "{{ client }}"
    password: "{{ lookup('password', '/tmp/passwordfile chars=digits') }}"
    priv: "{{ client }}_{{ tier }}_{{ role }}.*:ALL"
- name: create a mysql user with a random password using many different char sets
  mysql_user:
    name: "{{ client }}"
    password: "{{ lookup('password', '/tmp/passwordfile chars=ascii_letters,digits,hexdigits,punctuation') }}"
    priv: "{{ client }}_{{ tier }}_{{ role }}.*:ALL"

Inputs

    
chars:
    description:
    - Define comma separated list of names that compose a custom character set in the
      generated passwords.
    - 'By default generated passwords contain a random mix of upper and lowercase ASCII
      letters, the numbers 0-9 and punctuation (". , : - _").'
    - Items can be either names of Python's string module attributes (ascii_letters, digits,
      etc.) or characters used literally (:, -).
    - To enter comma use two commas ',,' somewhere - preferably at the end. Quotes and
      double quotes are not supported.
    type: string
    version_added: '1.4'
    version_added_collection: ansible.builtin

_terms:
    description:
    - path to the file that stores/will store the passwords
    required: true

length:
    default: 20
    description: The length of the generated password.
    type: integer

encrypt:
    default: true
    description:
    - Whether the user requests that this password is returned encrypted or in plain text.
    - Note that the password is always stored as plain text.
    - Encrypt also forces saving the salt value for idempotence.
    type: boolean

Outputs

_raw:
  description:
  - a password
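
The retrieve-or-generate behaviour from the Description, the /dev/null special case and the chars parsing rules from Inputs, modelled as an added Python sketch (not the plugin's own code). The function names, the de-duplication of the character set, the owner-only file mode and the exclusive create are assumptions of this sketch.

```python
import os
import secrets
import string

# Names treated as Python string-module attributes; anything else is literal.
STRING_ATTRS = {"ascii_letters", "ascii_lowercase", "ascii_uppercase",
                "digits", "hexdigits", "octdigits", "punctuation"}
DEFAULT_ITEMS = ["ascii_letters", "digits", ".,:-_"]  # default mix per the page


def parse_chars(spec):
    """Split a chars= value on commas; a doubled comma ',,' adds a literal comma."""
    items = [","] if ",," in spec else []
    items += [part for part in spec.replace(",,", ",").split(",") if part]
    return items


def charset(items):
    """Expand each item to characters; duplicates are dropped (sketch's choice)."""
    expanded = "".join(getattr(string, i) if i in STRING_ATTRS else i for i in items)
    return "".join(dict.fromkeys(expanded))


def password_lookup(path, length=20, chars=None):
    """Return the password stored at path, or generate one and store it there."""
    if path != "/dev/null" and os.path.exists(path):
        with open(path) as fh:  # existing file wins; length and chars are unused
            return fh.read().rstrip("\n")
    alphabet = charset(parse_chars(chars) if chars else DEFAULT_ITEMS)
    if not alphabet:
        raise ValueError("chars produced an empty character set")
    password = "".join(secrets.choice(alphabet) for _ in range(length))
    if path != "/dev/null":  # special case: a fresh password, never persisted
        os.makedirs(os.path.dirname(path) or ".", mode=0o700, exist_ok=True)
        # Stored as plain text: owner-only mode, O_EXCL refuses a pre-created file.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "w") as fh:
            fh.write(password + "\n")
    return password


if __name__ == "__main__":
    print(charset(parse_chars("digits,hexdigits,,")))
    print(password_lookup("/dev/null", length=15, chars="digits"))
```

Because an existing file is returned as-is, changing length or chars later has no effect until the stored file is removed.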