ansible.builtin.onepassword (v2.9.27) — lookup

Install Ansible via pip

Install with pip install ansible==2.9.27

Description

C(onepassword) wraps the C(op) command line utility to fetch specific field values from 1Password.

Requirements

• C(op) 1Password command line utility. See U(https://support.1password.com/command-line/)

Usage examples

Scanned by Steampunk Spotter

• Success
  Steampunk Spotter scan finished with no errors, warnings or hints.

# These examples only work when already signed in to 1Password
- name: Retrieve password for KITT when already signed in to 1Password
  debug:
    var: lookup('onepassword', 'KITT')

Scanned by Steampunk Spotter

• Success
  Steampunk Spotter scan finished with no errors, warnings or hints.

- name: Retrieve password for Wintermute when already signed in to 1Password
  debug:
    var: lookup('onepassword', 'Tessier-Ashpool', section='Wintermute')

Scanned by Steampunk Spotter

• Success
  Steampunk Spotter scan finished with no errors, warnings or hints.

- name: Retrieve username for HAL when already signed in to 1Password
  debug:
    var: lookup('onepassword', 'HAL 9000', field='username', vault='Discovery')

Scanned by Steampunk Spotter

• Success
  Steampunk Spotter scan finished with no errors, warnings or hints.

- name: Retrieve password for HAL when not signed in to 1Password
  debug:
    var: lookup('onepassword'
                'HAL 9000'
                subdomain='Discovery'
                master_password=vault_master_password)

Scanned by Steampunk Spotter

• Success
  Steampunk Spotter scan finished with no errors, warnings or hints.

- name: Retrieve password for HAL when never signed in to 1Password
  debug:
    var: lookup('onepassword'
                'HAL 9000'
                subdomain='Discovery'
                master_password=vault_master_password
                username='tweety@acme.com'
                secret_key=vault_secret_key)

Inputs

    
field:
    default: password
    description: field to return from each matching item (case-insensitive).

vault:
    description: Vault containing the item to retrieve (case-insensitive). If absent will
      search all vaults.

_terms:
    description: identifier(s) (UUID, name, or subdomain; case-insensitive) of item(s)
      to retrieve.
    required: true

section:
    description: Item section containing the field to retrieve (case-insensitive). If
      absent will return first match from any section.

username:
    description: The username used to sign in.
    version_added: '2.7'
    version_added_collection: ansible.builtin

subdomain:
    description: The 1Password subdomain to authenticate against.
    version_added: '2.7'
    version_added_collection: ansible.builtin

secret_key:
    description: The secret key used when performing an initial sign in.
    version_added: '2.7'
    version_added_collection: ansible.builtin

master_password:
    aliases:
    - vault_password
    description: The password used to unlock the specified vault.
    version_added: '2.7'
    version_added_collection: ansible.builtin

Outputs

_raw:
  description: field data requested