Try SpotterGet Azure Key Vault facts
| "added in version" 0.1.2 of azure.azcollection"
Authors: Yunge Zhu (@yungezz)
Install with ansible-galaxy collection install azure.azcollection:==2.3.0
collections:
- name: azure.azcollection
version: 2.3.0Get facts of Azure Key Vault.
- name: Get Key Vault by name
azure_rm_keyvault_info:
resource_group: myResourceGroup
name: myVault
- name: List Key Vaults in specific resource group
azure_rm_keyvault_info:
resource_group: myResourceGroup
- name: List Key Vaults in current subscription azure_rm_keyvault_info:
name:
description:
- The name of the key vault.
type: str
tags:
description:
- Limit results by providing a list of tags. Format tags as 'key' or 'key:value'.
elements: str
type: list
secret:
description:
- Azure client secret. Use when authenticating with a Service Principal.
type: str
tenant:
description:
- Azure tenant ID. Use when authenticating with a Service Principal.
type: str
ad_user:
description:
- Active Directory username. Use when authenticating with an Active Directory user
rather than service principal.
type: str
profile:
description:
- Security profile found in ~/.azure/credentials file.
type: str
log_mode:
description:
- Parent argument.
type: str
log_path:
description:
- Parent argument.
type: str
password:
description:
- Active Directory user password. Use when authenticating with an Active Directory
user rather than service principal.
type: str
client_id:
description:
- Azure client ID. Use when authenticating with a Service Principal or Managed Identity
(msi).
- Can also be set via the C(AZURE_CLIENT_ID) environment variable.
type: str
thumbprint:
description:
- The thumbprint of the private key specified in I(x509_certificate_path).
- Use when authenticating with a Service Principal.
- Required if I(x509_certificate_path) is defined.
type: str
version_added: 1.14.0
version_added_collection: azure.azcollection
api_profile:
default: latest
description:
- Selects an API profile to use when communicating with Azure services. Default value
of C(latest) is appropriate for public clouds; future values will allow use with
Azure Stack.
type: str
version_added: 0.0.1
version_added_collection: azure.azcollection
auth_source:
choices:
- auto
- cli
- credential_file
- env
- msi
default: auto
description:
- Controls the source of the credentials to use for authentication.
- Can also be set via the C(ANSIBLE_AZURE_AUTH_SOURCE) environment variable.
- When set to C(auto) (the default) the precedence is module parameters -> C(env)
-> C(credential_file) -> C(cli).
- When set to C(env), the credentials will be read from the environment variables
- When set to C(credential_file), it will read the profile from C(~/.azure/credentials).
- When set to C(cli), the credentials will be sources from the Azure CLI profile.
C(subscription_id) or the environment variable C(AZURE_SUBSCRIPTION_ID) can be used
to identify the subscription ID if more than one is present otherwise the default
az cli subscription is used.
- When set to C(msi), the host machine must be an azure resource with an enabled MSI
extension. C(subscription_id) or the environment variable C(AZURE_SUBSCRIPTION_ID)
can be used to identify the subscription ID if the resource is granted access to
more than one subscription, otherwise the first subscription is chosen.
- The C(msi) was added in Ansible 2.6.
type: str
version_added: 0.0.1
version_added_collection: azure.azcollection
resource_group:
description:
- The name of the resource group to which the key vault belongs.
type: str
subscription_id:
description:
- Your Azure subscription Id.
type: str
cloud_environment:
default: AzureCloud
description:
- For cloud environments other than the US public cloud, the environment name (as
defined by Azure Python SDK, eg, C(AzureChinaCloud), C(AzureUSGovernment)), or a
metadata discovery endpoint URL (required for Azure Stack). Can also be set via
credential file profile or the C(AZURE_CLOUD_ENVIRONMENT) environment variable.
type: str
version_added: 0.0.1
version_added_collection: azure.azcollection
adfs_authority_url:
description:
- Azure AD authority url. Use when authenticating with Username/password, and has
your own ADFS authority.
type: str
version_added: 0.0.1
version_added_collection: azure.azcollection
cert_validation_mode:
choices:
- ignore
- validate
description:
- Controls the certificate validation behavior for Azure endpoints. By default, all
modules will validate the server certificate, but when an HTTPS proxy is in use,
or against Azure Stack, it may be necessary to disable this behavior by passing
C(ignore). Can also be set via credential file profile or the C(AZURE_CERT_VALIDATION)
environment variable.
type: str
version_added: 0.0.1
version_added_collection: azure.azcollection
x509_certificate_path:
description:
- Path to the X509 certificate used to create the service principal in PEM format.
- The certificate must be appended to the private key.
- Use when authenticating with a Service Principal.
type: path
version_added: 1.14.0
version_added_collection: azure.azcollection
disable_instance_discovery:
default: false
description:
- Determines whether or not instance discovery is performed when attempting to authenticate.
Setting this to true will completely disable both instance discovery and authority
validation. This functionality is intended for use in scenarios where the metadata
endpoint cannot be reached such as in private clouds or Azure Stack. The process
of instance discovery entails retrieving authority metadata from https://login.microsoft.com/
to validate the authority. By setting this to **True**, the validation of the authority
is disabled. As a result, it is crucial to ensure that the configured authority
host is valid and trustworthy.
- Set via credential file profile or the C(AZURE_DISABLE_INSTANCE_DISCOVERY) environment
variable.
type: bool
version_added: 2.3.0
version_added_collection: azure.azcollection
keyvaults:
contains:
access_policies:
contains:
object_id:
description: The object if of a user, service principal or security group
in AAD for the vault.
returned: always
sample: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
type: str
permissions:
contains:
certificates:
description: Permissions to secrets.
returned: always
sample:
- get
- import
type: list
keys:
description: Permissions to keys.
returned: always
sample:
- get
- create
type: list
secrets:
description: Permissions to secrets.
returned: always
sample:
- list
- set
type: list
description: Permissions the identity has for keys, secrets and certificates.
returned: always
type: complex
tenant_id:
description: The AAD tenant iD that should be used for authenticating requests
to the key vault.
returned: always
sample: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
type: str
description:
- List of policies.
returned: always
type: list
enable_purge_protection:
description:
- Property specifying whether protection against purge is enabled for this vault.
returned: always
sample: false
type: bool
enable_soft_delete:
description:
- Property to specify whether Azure Resource Manager is permitted to retrieve
secrets from the key vault.
returned: always
sample: true
type: bool
enabled_for_deployments:
description:
- Whether Azure Virtual Machines are permitted to retrieve certificates stored
as secrets from the key vault.
returned: always
sample: false
type: bool
enabled_for_disk_encryption:
description:
- Whether Azure Disk Encryption is permitted to retrieve secrets from the vault
and unwrap keys.
returned: always
sample: false
type: bool
enabled_for_template_deployment:
description:
- Whether Azure Resource Manager is permitted to retrieve secrets from the key
vault.
returned: always
sample: false
type: bool
id:
description:
- Resource Id of the vault.
returned: always
sample: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVault
type: str
location:
description:
- Location of the vault.
returned: always
sample: eastus
type: str
name:
description:
- Name of the vault.
returned: always
sample: myVault
type: str
sku:
contains:
family:
description: Sku family name.
returned: always
sample: A
type: str
name:
description: Sku name.
returned: always
sample: standard
type: str
description:
- Sku of the vault.
returned: always
type: dict
soft_delete_retention_in_days:
description:
- Property specifying the number of days to retain deleted vaults.
returned: always
sample: 90
type: int
tags:
description:
- List of tags.
sample:
- foo
type: list
vault_uri:
description:
- Vault uri.
returned: always
sample: https://myVault.vault.azure.net/
type: str
description: List of Azure Key Vaults.
returned: always
type: list