community / community.windows / 2.2.0 / module / win_credential Manages Windows Credentials in the Credential Manager Authors: Jordan Borean (@jborean93)community.windows.win_credential (2.2.0) — module
Install with ansible-galaxy collection install community.windows:==2.2.0
collections: - name: community.windows version: 2.2.0
Used to create and remove Windows Credentials in the Credential Manager.
This module can manage both standard username/password credentials as well as certificate credentials.
- name: Create a local only credential community.windows.win_credential: name: server.domain.com type: domain_password username: DOMAIN\username secret: Password01 state: present
- name: Remove a credential community.windows.win_credential: name: server.domain.com type: domain_password state: absent
- name: Create a credential with full values community.windows.win_credential: name: server.domain.com type: domain_password alias: server username: username@DOMAIN.COM secret: Password01 comment: Credential for server.domain.com persistence: enterprise attributes: - name: Source data: Ansible - name: Unique Identifier data: Y3VzdG9tIGF0dHJpYnV0ZQ== data_format: base64
- name: Create a certificate credential community.windows.win_credential: name: '*.domain.com' type: domain_certificate username: 0074CC4F200D27DC3877C24A92BA8EA21E6C7AF4 state: present
- name: Create a generic credential community.windows.win_credential: name: smbhost type: generic_password username: smbuser secret: smbuser state: present
- name: Remove a generic credential community.windows.win_credential: name: smbhost type: generic_password state: absent
name: description: - The target that identifies the server or servers that the credential is to be used for. - If the value can be a NetBIOS name, DNS server name, DNS host name suffix with a wildcard character (C(*)), a NetBIOS of DNS domain name that contains a wildcard character sequence, or an asterisk. - See C(TargetName) in U(https://docs.microsoft.com/en-us/windows/win32/api/wincred/ns-wincred-credentiala) for more details on what this value can be. - This is used with I(type) to produce a unique credential. required: true type: str type: choices: - domain_certificate - domain_password - generic_certificate - generic_password description: - The type of credential to store. - This is used with I(name) to produce a unique credential. - When the type is a C(domain) type, the credential is used by Microsoft authentication packages like Negotiate. - When the type is a C(generic) type, the credential is not used by any particular authentication package. - It is recommended to use a C(domain) type as only authentication providers can access the secret. required: true type: str alias: description: - Adds an alias for the credential. - Typically this is the NetBIOS name of a host if I(name) is set to the DNS name. type: str state: choices: - absent - present default: present description: - When C(absent), the credential specified by I(name) and I(type) is removed. - When C(present), the credential specified by I(name) and I(type) is added. type: str secret: description: - The secret for the credential. - When omitted, then no secret is used for the credential if a new credentials is created. - When I(type) is a password type, this is the password for I(username). - When I(type) is a certificate type, this is the pin for the certificate. type: str comment: description: - A user defined comment for the credential. type: str username: description: - When I(type) is a password type, then this is the username to store for the credential. - When I(type) is a credential type, then this is the thumbprint as a hex string of the certificate to use. - When C(type=domain_password), this should be in the form of a Netlogon (DOMAIN\Username) or a UPN (username@DOMAIN). - If using a certificate thumbprint, the certificate must exist in the C(CurrentUser\My) certificate store for the executing user. type: str attributes: description: - A list of dicts that set application specific attributes for a credential. - When set, existing attributes will be compared to the list as a whole, any differences means all attributes will be replaced. elements: dict suboptions: data: description: - The value for the attribute. type: str data_format: choices: - base64 - text default: text description: - Controls the input type for I(data). - If C(text), I(data) is a text string that is UTF-16LE encoded to bytes. - If C(base64), I(data) is a base64 string that is base64 decoded to bytes. type: str name: description: - The key for the attribute. - This is not a unique identifier as multiple attributes can have the same key. required: true type: str type: list persistence: choices: - enterprise - local default: local description: - Defines the persistence of the credential. - If C(local), the credential will persist for all logons of the same user on the same host. - C(enterprise) is the same as C(local) but the credential is visible to the same domain user when running on other hosts and not just localhost. type: str secret_format: choices: - base64 - text default: text description: - Controls the input type for I(secret). - If C(text), I(secret) is a text string that is UTF-16LE encoded to bytes. - If C(base64), I(secret) is a base64 string that is base64 decoded to bytes. type: str update_secret: choices: - always - on_create default: always description: - When C(always), the secret will always be updated if they differ. - When C(on_create), the secret will only be checked/updated when it is first created. - If the secret cannot be retrieved and this is set to C(always), the module will always result in a change. type: str