community.general.passwordstore (6.6.8) — lookup
Manage passwords with passwordstore.org's pass utility
Authors: Patrick Deelman (!UNKNOWN) <patrick@patrickdeelman.nl>
Install with ansible-galaxy collection install community.general:==6.6.8
collections:
  - name: community.general
    version: 6.6.8
Enables Ansible to retrieve, create or update passwords from the passwordstore.org pass utility. It also retrieves YAML-style keys stored on multiple lines in the password file.
To avoid problems when accessing multiple secrets at once, add C(auto-expand-secmem) to C(~/.gnupg/gpg-agent.conf). Where this is not possible, consider using I(lock=readwrite) instead.
lock:
  choices:
  - readwrite
  - write
  - none
  default: write
  description:
  - How to synchronize operations.
  - The default of C(write) only synchronizes write operations.
  - C(readwrite) synchronizes all operations (including read). This makes sure that gpg-agent is never called in parallel.
  - C(none) does not do any synchronization.
  ini:
  - key: lock
    section: passwordstore_lookup
  type: str
  version_added: 4.5.0
  version_added_collection: community.general
umask:
  description:
  - Sets the umask for the created .gpg files. The first octet must be greater than 3 (user readable).
  - Note pass' default value is C('077').
  env:
  - name: PASSWORD_STORE_UMASK
  version_added: 1.3.0
  version_added_collection: community.general
_terms:
  description: query key.
  required: true
backup:
  default: false
  description: Used with C(overwrite=true). Backup the previous password in a subkey.
  type: bool
create:
  default: false
  description: Create the password if it does not already exist. Takes precedence over C(missing).
  type: bool
length:
  default: 16
  description: The length of the generated password.
  type: integer
subkey:
  default: password
  description: Return a specific subkey of the password. When set to C(password), always returns the first line.
  type: str
backend:
  choices:
  - pass
  - gopass
  default: pass
  description:
  - Specify which backend to use.
  - Defaults to C(pass), passwordstore.org's original pass utility.
  - C(gopass) support is incomplete.
  ini:
  - key: backend
    section: passwordstore_lookup
  type: str
  vars:
  - name: passwordstore_backend
  version_added: 5.2.0
  version_added_collection: community.general
missing:
  choices:
  - error
  - warn
  - empty
  - create
  default: error
  description:
  - List of preferences about what to do if the password file is missing.
  - If I(create=true), the value for this option is ignored and assumed to be C(create).
  - If set to C(error), the lookup will error out if the passname does not exist.
  - If set to C(create), the passname will be created with the provided length I(length) if it does not exist.
  - If set to C(empty) or C(warn), will return a C(none) in case the passname does not exist. When using C(lookup) and not C(query), this will be translated to an empty string.
  type: str
  version_added: 3.1.0
  version_added_collection: community.general
userpass:
  description: Specify a password to save, instead of a generated one.
  type: str
directory:
  description:
  - The directory of the password store.
  - If I(backend=pass), the default C(~/.password-store) is used.
  - If I(backend=gopass), then the default is the C(path) field in C(~/.config/gopass/config.yml), falling back to C(~/.local/share/gopass/stores/root) if C(path) is not defined in the gopass config.
  env:
  - name: PASSWORD_STORE_DIR
  type: path
  vars:
  - name: passwordstore
nosymbols:
  default: false
  description: Use alphanumeric characters.
  type: bool
overwrite:
  default: false
  description: Overwrite the password if it does already exist.
  type: bool
returnall:
  default: false
  description: Return all the content of the password, not only the first line.
  type: bool
locktimeout:
  default: 15m
  description:
  - Lock timeout applied when I(lock) is not C(none).
  - Time with a unit suffix, C(s), C(m), C(h) for seconds, minutes, and hours, respectively. For example, C(900s) equals C(15m).
  - Correlates with C(pinentry-timeout) in C(~/.gnupg/gpg-agent.conf), see C(man gpg-agent) for details.
  ini:
  - key: locktimeout
    section: passwordstore_lookup
  type: str
  version_added: 4.5.0
  version_added_collection: community.general
_raw:
  description:
  - a password
  elements: str
  type: list
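
A playbook that exercises the options documented above: a read-only lookup, a subkey read, creation on first use, and rotation with a backup. This is an added example, not taken from the plugin's own documentation; the entry names under example/ and the variable names are hypothetical, and it assumes options are passed to the lookup as keyword arguments.

```yaml
# Added example. Entry names ("example/db", "example/api") and variable
# names are hypothetical; the store is read on the Ansible controller.
# To serialise gpg-agent calls when many lookups run in parallel, set the
# documented ini key in ansible.cfg:
#   [passwordstore_lookup]
#   lock = readwrite
- name: Use secrets from pass without leaking them into task output
  hosts: localhost
  gather_facts: false
  vars:
    # Read-only: missing='error' (the default) fails instead of creating an entry.
    db_password: "{{ lookup('community.general.passwordstore', 'example/db', missing='error') }}"
    # Value of the YAML-style key "user" stored below the first line of the entry.
    db_user: "{{ lookup('community.general.passwordstore', 'example/db', subkey='user') }}"
  tasks:
    - name: Create a 32-character alphanumeric password only if the entry is absent
      ansible.builtin.set_fact:
        api_token: "{{ lookup('community.general.passwordstore', 'example/api', create=true, length=32, nosymbols=true) }}"
      no_log: true

    - name: Rotate the existing password and keep the previous one in a subkey
      ansible.builtin.set_fact:
        rotated_token: "{{ lookup('community.general.passwordstore', 'example/api', overwrite=true, backup=true, length=32) }}"
      no_log: true

    - name: Check the results without printing any secret value
      ansible.builtin.assert:
        that:
          - db_password | length > 0
          - db_user | length > 0
          - api_token | length == 32
          - rotated_token != api_token
        quiet: true
      no_log: true
```

Every task that touches a looked-up value sets no_log: true, because the plugin returns the cleartext secret and Ansible would otherwise include it in task results and logs.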