community / community.general / 1.3.11 / lookup / credstash retrieve secrets from Credstash on AWS Authors: Unknown (!UNKNOWN)community.general.credstash (1.3.11) — lookup
Install with ansible-galaxy collection install community.general:==1.3.11
collections: - name: community.general version: 1.3.11
Credstash is a small utility for managing secrets using AWS's KMS and DynamoDB: https://github.com/fugue/credstash
- name: first use credstash to store your secrets ansible.builtin.shell: credstash put my-github-password secure123
- name: "Test credstash lookup plugin -- get my github password" ansible.builtin.debug: msg: "Credstash lookup! {{ lookup('community.general.credstash', 'my-github-password') }}"
- name: "Test credstash lookup plugin -- get my other password from us-west-1" ansible.builtin.debug: msg: "Credstash lookup! {{ lookup('community.general.credstash', 'my-other-password', region='us-west-1') }}"
- name: "Test credstash lookup plugin -- get the company's github password" ansible.builtin.debug: msg: "Credstash lookup! {{ lookup('community.general.credstash', 'company-github-password', table='company-passwords') }}"
- name: Example play using the 'context' feature hosts: localhost vars: context: app: my_app environment: production tasks: - name: "Test credstash lookup plugin -- get the password with a context passed as a variable" ansible.builtin.debug: msg: "{{ lookup('community.general.credstash', 'some-password', context=context) }}" - name: "Test credstash lookup plugin -- get the password with a context defined here" ansible.builtin.debug: msg: "{{ lookup('community.general.credstash', 'some-password', context=dict(app='my_app', environment='production')) }}"
table: default: credential-store description: name of the credstash table to query required: true _terms: description: term or list of terms to lookup in the credit store required: true type: list region: description: AWS region version: description: Credstash version profile_name: description: AWS profile to use for authentication env: - name: AWS_PROFILE aws_access_key_id: description: AWS access key ID env: - name: AWS_ACCESS_KEY_ID aws_session_token: description: AWS session token env: - name: AWS_SESSION_TOKEN aws_secret_access_key: description: AWS access key env: - name: AWS_SECRET_ACCESS_KEY
_raw: description: - Value(s) stored in Credstash. type: str