ansible.builtin.onepassword_facts (v2.7.18) — module

Fetch facts from 1Password items

Added in version 2.7 of ansible.builtin

Authors: Ryan Conway (@rylon)

preview | supported by community

Install Ansible via pip

Install with pip install ansible==2.7.18

Description

M(onepassword_facts) wraps the C(op) command line utility to fetch data about one or more 1Password items and return it as Ansible facts.

A fatal error occurs if any of the items being searched for cannot be found.

Using this module with the C(no_log) option is recommended, to avoid logging the values of the secrets being retrieved.


Requirements

Usage examples

# Gather secrets from 1Password, assuming there is a 'password' field:
- name: Get a password
  onepassword_facts:
    search_terms: My 1Password item
  delegate_to: localhost
  no_log:      true   # Don't want to log the secrets to the console!
# Gather secrets from 1Password, with more advanced search terms:
- name: Get a password
  onepassword_facts:
    search_terms:
      - name:    My 1Password item
        field:   Custom field name       # optional, defaults to 'password'
        section: Custom section name     # optional, defaults to 'None'
        vault:   Name of the vault       # optional, only necessary if there is more than 1 Vault available
  delegate_to: localhost
  no_log:      true   # Don't want to log the secrets to the console!
# Gather secrets combining simple and advanced search terms. 'My 1Password item' is listed twice to fetch two
# fields from it: in its first entry 'password' is fetched, as a field name is not specified (default behaviour),
# and in its second entry 'Custom field name' is fetched, as that is specified explicitly.
- name: Get a password
  onepassword_facts:
    search_terms:
      - My 1Password item                # 'name' is optional when passing a simple string...
      - name: My Other 1Password item    # ...but it can also be set for consistency
      - name:    My 1Password item
        field:   Custom field name       # optional, defaults to 'password'
        section: Custom section name     # optional, defaults to 'None'
        vault:   Name of the vault       # optional, only necessary if there is more than 1 Vault available
      - name: A 1Password item with document attachment
  delegate_to: localhost
  no_log:      true   # Don't want to log the secrets to the console!

Inputs

    
cli_path:
    default: op
    description: Used to specify the exact path to the C(op) command line interface
    required: false

auto_login:
    default: {}
    description:
    - A dictionary containing authentication details. If this is set, M(onepassword_facts)
      will attempt to log in to 1Password automatically.
    - The required values can be stored in Ansible Vault, and passed to the module securely
      that way.
    - Without this option, you must have already logged in via the 1Password CLI before
      running Ansible.
    required: false
    suboptions:
      account:
        description:
        - 1Password account name (<account>.1password.com).
      masterpassword:
        description:
        - The master password for your user.
      secretkey:
        description:
        - The secret key for your user.
      username:
        description:
        - 1Password username.

search_terms:
    description:
    - A list of one or more search terms.
    - Each search term can either be a simple string or it can be a dictionary for more
      control.
    - When passing a simple string, I(field) is assumed to be C(password).
    - When passing a dictionary, the following fields are available.
    required: true
    suboptions:
      field:
        description:
        - The name of the field to search for within this item (optional, defaults to
          "password", or "document" if the item has an attachment).
      name:
        description:
        - The name of the 1Password item to search for (required).
      section:
        description:
        - The name of a section within this item containing the specified field (optional,
          will search all sections if not specified).
      vault:
        description:
        - The name of the particular 1Password vault to search, useful if your 1Password
          user has access to multiple vaults (optional).

Outputs

onepassword:
  description: Dictionary of each 1Password item matching the given search terms;
    the sample shows what would be returned from the third example above.
  returned: success
  sample:
    A 1Password item with document attachment:
      document: the contents of the document attached to this item
    My 1Password item:
      Custom field name: the value of this field
      password: the value of this field
    My Other 1Password item:
      password: the value of this field
  type: dict
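
The following playbook is an added example, not part of the module documentation. It combines the auto_login input with the onepassword fact described under Outputs: the login details come from an Ansible Vault-encrypted vars file, and the task that consumes the fact is also marked no_log. The op_* variable names, the vars file path, the webservers group and the destination path are assumptions made for illustration.

```yaml
# Added example: hypothetical playbook, not from the module documentation.
# The op_* variables are assumed to be defined in a vars file encrypted with
# ansible-vault (constructed path: vars/op_credentials.yml).
- hosts: webservers                    # constructed inventory group
  vars_files:
    - vars/op_credentials.yml
  tasks:
    - name: Fetch the application password from 1Password
      onepassword_facts:
        auto_login:
          account: "{{ op_account }}"
          username: "{{ op_username }}"
          masterpassword: "{{ op_masterpassword }}"
          secretkey: "{{ op_secretkey }}"
        search_terms:
          - name: My 1Password item
            vault: Name of the vault
      delegate_to: localhost           # the op CLI runs on the control node
      no_log: true                     # keeps the login details and the result out of the logs

    # Facts gathered by a delegated task are assigned to the host the play is
    # running for, so the target host can read the 'onepassword' fact directly.
    - name: Write the secret to a root-only file on the target
      copy:
        content: "password={{ onepassword['My 1Password item'].password }}\n"
        dest: /etc/myapp/secret.conf   # constructed path
        owner: root
        group: root
        mode: "0600"
      no_log: true                     # the rendered content contains the secret
```

Without no_log on the second task, the secret would appear in the task output whenever the play runs with verbose output or in diff mode, even though the fetch itself was not logged.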