Try SpotterFetch field values from 1Password
Authors: Scott Buchanan (@scottsb), Andrew Zenk (@azenk), Sam Doran (@samdoran)
Install with ansible-galaxy collection install community.general:==8.5.0
collections:
- name: community.general
version: 8.5.0P(community.general.onepassword#lookup) wraps the C(op) command line utility to fetch specific field values from 1Password.
# These examples only work when already signed in to 1Password
- name: Retrieve password for KITT when already signed in to 1Password
ansible.builtin.debug:
var: lookup('community.general.onepassword', 'KITT')
- name: Retrieve password for Wintermute when already signed in to 1Password
ansible.builtin.debug:
var: lookup('community.general.onepassword', 'Tessier-Ashpool', section='Wintermute')
- name: Retrieve username for HAL when already signed in to 1Password
ansible.builtin.debug:
var: lookup('community.general.onepassword', 'HAL 9000', field='username', vault='Discovery')
- name: Retrieve password for HAL when not signed in to 1Password
ansible.builtin.debug:
var: lookup('community.general.onepassword',
'HAL 9000',
subdomain='Discovery',
master_password=vault_master_password)
- name: Retrieve password for HAL when never signed in to 1Password
ansible.builtin.debug:
var: lookup('community.general.onepassword',
'HAL 9000',
subdomain='Discovery',
master_password=vault_master_password,
username='tweety@acme.com',
secret_key=vault_secret_key)
- name: Retrieve password from specific account
ansible.builtin.debug:
var: lookup('community.general.onepassword',
'HAL 9000',
account_id='abc123')
field:
default: password
description: Field to return from each matching item (case-insensitive).
type: str
vault:
description: Vault containing the item to retrieve (case-insensitive). If absent will
search all vaults.
type: str
_terms:
description: Identifier(s) (case-insensitive UUID or name) of item(s) to retrieve.
required: true
domain:
default: 1password.com
description: Domain of 1Password.
type: str
version_added: 3.2.0
version_added_collection: community.general
section:
description: Item section containing the field to retrieve (case-insensitive). If
absent will return first match from any section.
username:
description: The username used to sign in.
type: str
subdomain:
description: The 1Password subdomain to authenticate against.
type: str
account_id:
description: The account ID to target.
type: str
version_added: 7.5.0
version_added_collection: community.general
secret_key:
description: The secret key used when performing an initial sign in.
type: str
connect_host:
description: The host for 1Password Connect. Must be used in combination with O(connect_token).
env:
- name: OP_CONNECT_HOST
type: str
version_added: 8.1.0
version_added_collection: community.general
connect_token:
description: The token for 1Password Connect. Must be used in combination with O(connect_host).
env:
- name: OP_CONNECT_TOKEN
type: str
version_added: 8.1.0
version_added_collection: community.general
master_password:
aliases:
- vault_password
description: The password used to unlock the specified vault.
type: str
service_account_token:
description:
- The access key for a service account.
- Only works with 1Password CLI version 2 or later.
env:
- name: OP_SERVICE_ACCOUNT_TOKEN
version_added: 8.2.0
version_added_collection: community.general
type: str
version_added: 7.1.0
version_added_collection: community.general
_raw: description: Field data requested. elements: str type: list