community / community.general / 3.8.10 / lookup / passwordstore manage passwords with passwordstore.org's pass utility Authors: Patrick Deelman (!UNKNOWN) <patrick@patrickdeelman.nl>community.general.passwordstore (3.8.10) — lookup
Install with ansible-galaxy collection install community.general:==3.8.10
collections: - name: community.general version: 3.8.10
Enables Ansible to retrieve, create or update passwords from the passwordstore.org pass utility. It also retrieves YAML style keys stored as multilines in the passwordfile.
# Debug is used for examples, BAD IDEA to show passwords on screen - name: Basic lookup. Fails if example/test doesn't exist ansible.builtin.debug: msg: "{{ lookup('community.general.passwordstore', 'example/test')}}"
- name: Basic lookup. Warns if example/test does not exist and returns empty string ansible.builtin.debug: msg: "{{ lookup('community.general.passwordstore', 'example/test missing=warn')}}"
- name: Create pass with random 16 character password. If password exists just give the password ansible.builtin.debug: var: mypassword vars: mypassword: "{{ lookup('community.general.passwordstore', 'example/test create=true')}}"
- name: Create pass with random 16 character password. If password exists just give the password ansible.builtin.debug: var: mypassword vars: mypassword: "{{ lookup('community.general.passwordstore', 'example/test missing=create')}}"
- name: Prints 'abc' if example/test does not exist, just give the password otherwise ansible.builtin.debug: var: mypassword vars: mypassword: "{{ lookup('community.general.passwordstore', 'example/test missing=empty') | default('abc', true) }}"
- name: Different size password ansible.builtin.debug: msg: "{{ lookup('community.general.passwordstore', 'example/test create=true length=42')}}"
- name: Create password and overwrite the password if it exists. As a bonus, this module includes the old password inside the pass file ansible.builtin.debug: msg: "{{ lookup('community.general.passwordstore', 'example/test create=true overwrite=true')}}"
- name: Create an alphanumeric password ansible.builtin.debug: msg: "{{ lookup('community.general.passwordstore', 'example/test create=true nosymbols=true') }}"
- name: Return the value for user in the KV pair user, username ansible.builtin.debug: msg: "{{ lookup('community.general.passwordstore', 'example/test subkey=user')}}"
- name: Return the entire password file content ansible.builtin.set_fact: passfilecontent: "{{ lookup('community.general.passwordstore', 'example/test returnall=true')}}"
umask: description: - Sets the umask for the created .gpg files. The first octed must be greater than 3 (user readable). - Note pass' default value is C('077'). env: - name: PASSWORD_STORE_UMASK version_added: 1.3.0 version_added_collection: community.general _terms: description: query key. required: true backup: default: 'no' description: Used with C(overwrite=yes). Backup the previous password in a subkey. type: bool create: default: false description: Create the password if it does not already exist. Takes precedence over C(missing). type: bool length: default: 16 description: The length of the generated password. type: integer subkey: default: password description: Return a specific subkey of the password. When set to C(password), always returns the first line. missing: choices: - error - warn - empty - create default: error description: - List of preference about what to do if the password file is missing. - If I(create=true), the value for this option is ignored and assumed to be C(create). - If set to C(error), the lookup will error out if the passname does not exist. - If set to C(create), the passname will be created with the provided length I(length) if it does not exist. - If set to C(empty) or C(warn), will return a C(none) in case the passname does not exist. When using C(lookup) and not C(query), this will be translated to an empty string. type: str version_added: 3.1.0 version_added_collection: community.general userpass: description: Specify a password to save, instead of a generated one. directory: description: The directory of the password store. env: - name: PASSWORD_STORE_DIR nosymbols: default: 'no' description: use alphanumeric characters. type: bool overwrite: default: 'no' description: Overwrite the password if it does already exist. type: bool returnall: default: 'no' description: Return all the content of the password, not only the first line. type: bool passwordstore: default: ~/.password-store description: location of the password store.
_raw: description: - a password elements: str type: list