ansible / ansible.builtin / v2.7.18 / module / onepassword_facts Fetch facts from 1Password items | "added in version" 2.7 of ansible.builtin" Authors: Ryan Conway (@rylon) preview | supported by communityansible.builtin.onepassword_facts (v2.7.18) — module
pip
Install with pip install ansible==2.7.18
M(onepassword_facts) wraps the C(op) command line utility to fetch data about one or more 1password items and return as Ansible facts.
A fatal error occurs if any of the items being searched for can not be found.
Recommend using with the C(no_log) option to avoid logging the values of the secrets being retrieved.
# Gather secrets from 1Password, assuming there is a 'password' field: - name: Get a password onepassword_facts: search_terms: My 1Password item delegate_to: local no_log: true # Don't want to log the secrets to the console!
# Gather secrets from 1Password, with more advanced search terms: - name: Get a password onepassword_facts: search_terms: - name: My 1Password item field: Custom field name # optional, defaults to 'password' section: Custom section name # optional, defaults to 'None' vault: Name of the vault # optional, only necessary if there is more than 1 Vault available delegate_to: local no_log: true # Don't want to log the secrets to the console!
# Gather secrets combining simple and advanced search terms to retrieve two items, one of which we fetch two # fields. In the first 'password' is fetched, as a field name is not specified (default behaviour) and in the # second, 'Custom field name' is fetched, as that is specified explicitly. - name: Get a password onepassword_facts: search_terms: - My 1Password item # 'name' is optional when passing a simple string... - name: My Other 1Password item # ...but it can also be set for consistency - name: My 1Password item field: Custom field name # optional, defaults to 'password' section: Custom section name # optional, defaults to 'None' vault: Name of the vault # optional, only necessary if there is more than 1 Vault available - name: A 1Password item with document attachment delegate_to: local no_log: true # Don't want to log the secrets to the console!
cli_path: default: op description: Used to specify the exact path to the C(op) command line interface required: false auto_login: default: {} description: - A dictionary containing authentication details. If this is set, M(onepassword_facts) will attempt to login to 1password automatically. - The required values can be stored in Ansible Vault, and passed to the module securely that way. - Without this option, you must have already logged in via the 1Password CLI before running Ansible. required: false suboptions: account: description: - 1Password account name (<account>.1password.com). masterpassword: description: - The master password for your user. secretkey: description: - The secret key for your user. username: description: - 1Password username. search_terms: description: - A list of one or more search terms. - Each search term can either be a simple string or it can be a dictionary for more control. - When passing a simple string, I(field) is assumed to be C(password). - When passing a dictionary, the following fields are available. required: true suboptions: field: description: - The name of the field to search for within this item (optional, defaults to "password" (or "document" if the item has an attachment). name: description: - The name of the 1Password item to search for (required). section: description: - The name of a section within this item containing the specified field (optional, will search all sections if not specified). vault: description: - The name of the particular 1Password vault to search, useful if your 1Password user has access to multiple vaults (optional).
onepassword: description: Dictionary of each 1password item matching the given search terms, shows what would be returned from the third example above. returned: success sample: A 1Password item with document attachment: document: the contents of the document attached to this item My 1Password item: Custom field name: the value of this field password: the value of this field My Other 1Password item: password: the value of this field type: dict