community.general.credstash (8.5.0) — lookup

retrieve secrets from Credstash on AWS

Authors: Unknown (!UNKNOWN)

Install collection

Install with ansible-galaxy collection install community.general:==8.5.0


Add to requirements.yml

  collections:
    - name: community.general
      version: 8.5.0

Description

Credstash is a small utility for managing secrets using AWS's KMS and DynamoDB: https://github.com/fugue/credstash


Requirements

Usage examples

  • Success
    Steampunk Spotter scan finished with no errors, warnings or hints.
- name: first use credstash to store your secrets
  ansible.builtin.shell: credstash put my-github-password secure123
- name: "Test credstash lookup plugin -- get my github password"
  ansible.builtin.debug:
    msg: "Credstash lookup! {{ lookup('community.general.credstash', 'my-github-password') }}"
- name: "Test credstash lookup plugin -- get my other password from us-west-1"
  ansible.builtin.debug:
    msg: "Credstash lookup! {{ lookup('community.general.credstash', 'my-other-password', region='us-west-1') }}"
- name: "Test credstash lookup plugin -- get the company's github password"
  ansible.builtin.debug:
    msg: "Credstash lookup! {{ lookup('community.general.credstash', 'company-github-password', table='company-passwords') }}"
- name: Example play using the 'context' feature
  hosts: localhost
  vars:
    context:
      app: my_app
      environment: production
  tasks:

  - name: "Test credstash lookup plugin -- get the password with a context passed as a variable"
    ansible.builtin.debug:
      msg: "{{ lookup('community.general.credstash', 'some-password', context=context) }}"

  - name: "Test credstash lookup plugin -- get the password with a context defined here"
    ansible.builtin.debug:
      msg: "{{ lookup('community.general.credstash', 'some-password', context=dict(app='my_app', environment='production')) }}"
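
The examples above print the looked-up value with ansible.builtin.debug, which places the secret in the playbook output. The play below is an added example, not part of the plugin documentation: it passes the lookup result straight to the task that needs it and sets no_log so the value stays out of stdout and logs. The profile name, file path, command and environment variable name are hypothetical placeholders.

```yaml
- name: Use a Credstash secret without exposing it in playbook output
  hosts: localhost
  gather_facts: false
  vars:
    # All values below are hypothetical placeholders.
    secret_table: credential-store     # the plugin's default table
    secret_region: us-west-1
    aws_profile: deploy-readonly
    context:
      app: my_app
      environment: production
  tasks:
    - name: Write the secret to an owner-only file instead of printing it
      ansible.builtin.copy:
        content: "{{ lookup('community.general.credstash', 'my-github-password', table=secret_table, region=secret_region, profile_name=aws_profile) }}"
        # Hypothetical destination path.
        dest: /etc/my_app/github_password
        mode: "0600"
      # Keeps the looked-up value out of task output and logs.
      no_log: true

    - name: Pass a context-bound secret to a command through its environment
      # Hypothetical command; the secret is not placed on the command line.
      ansible.builtin.command: /usr/local/bin/my_app --check-credentials
      environment:
        MY_APP_PASSWORD: "{{ lookup('community.general.credstash', 'some-password', context=context) }}"
      changed_when: false
      no_log: true
```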

Inputs

    
table:
    default: credential-store
    description: name of the credstash table to query
    type: str

_terms:
    description: term or list of terms to look up in the credential store
    elements: string
    required: true
    type: list

region:
    description: AWS region
    type: str

version:
    default: ''
    description: Credstash version
    type: str

profile_name:
    description: AWS profile to use for authentication
    env:
    - name: AWS_PROFILE
    type: str

aws_access_key_id:
    description: AWS access key ID
    env:
    - name: AWS_ACCESS_KEY_ID
    type: str

aws_session_token:
    description: AWS session token
    env:
    - name: AWS_SESSION_TOKEN
    type: str

aws_secret_access_key:
    description: AWS secret access key
    env:
    - name: AWS_SECRET_ACCESS_KEY
    type: str

Outputs

_raw:
  description:
  - Value(s) stored in Credstash.
  type: str