freeipa.ansible_freeipa.ipavault (1.11.1): Manage vaults and secret vaults
Collection: freeipa / freeipa.ansible_freeipa / 1.11.1, module (preview, supported by community)
Authors: Rafael Guterres Jeffman (@rjeffman), Thomas Woerner (@t-woerner)
Install with: ansible-galaxy collection install freeipa.ansible_freeipa:==1.11.1
Or via a requirements file:
collections:
  - name: freeipa.ansible_freeipa
    version: 1.11.1
Synopsis: Manage vaults and secret vaults. The KRA service must be enabled on the IPA server.
Examples

```yaml
# Ensure vault symvault is present
- freeipa.ansible_freeipa.ipavault:
    ipaadmin_password: SomeADMINpassword
    name: symvault
    username: admin
    vault_type: symmetric
    password: SomeVAULTpassword
    salt: MTIzNDU2Nzg5MAo=

# Ensure group ipausers is a vault member.
- freeipa.ansible_freeipa.ipavault:
    ipaadmin_password: SomeADMINpassword
    name: symvault
    username: admin
    groups: ipausers
    action: member

# Ensure group ipausers is not a vault member.
- freeipa.ansible_freeipa.ipavault:
    ipaadmin_password: SomeADMINpassword
    name: symvault
    username: admin
    groups: ipausers
    action: member
    state: absent

# Ensure vault users are present.
- freeipa.ansible_freeipa.ipavault:
    ipaadmin_password: SomeADMINpassword
    name: symvault
    username: admin
    users:
      - user01
      - user02
    action: member

# Ensure vault users are absent.
- freeipa.ansible_freeipa.ipavault:
    ipaadmin_password: SomeADMINpassword
    name: symvault
    username: admin
    users:
      - user01
      - user02
    action: member
    state: absent

# Ensure user owns vault.
- freeipa.ansible_freeipa.ipavault:
    ipaadmin_password: SomeADMINpassword
    name: symvault
    username: admin
    action: member
    owners: user01

# Ensure user does not own vault.
- freeipa.ansible_freeipa.ipavault:
    ipaadmin_password: SomeADMINpassword
    name: symvault
    username: admin
    owners: user01
    action: member
    state: absent

# Ensure data is archived to a symmetric vault
- freeipa.ansible_freeipa.ipavault:
    ipaadmin_password: SomeADMINpassword
    name: symvault
    username: admin
    password: SomeVAULTpassword
    data: >
      Data archived.
      More data archived.
    action: member

# Retrieve data archived from a symmetric vault
- freeipa.ansible_freeipa.ipavault:
    ipaadmin_password: SomeADMINpassword
    name: symvault
    username: admin
    password: SomeVAULTpassword
    state: retrieved
  register: result

- debug:
    msg: "{{ result.vault.data }}"

# Change password of a symmetric vault
- freeipa.ansible_freeipa.ipavault:
    ipaadmin_password: SomeADMINpassword
    name: symvault
    username: admin
    old_password: SomeVAULTpassword
    new_password: SomeNEWpassword

# Ensure vault symvault is absent
- freeipa.ansible_freeipa.ipavault:
    ipaadmin_password: SomeADMINpassword
    name: symvault
    user: admin
    state: absent

# Ensure asymmetric vault is present.
- freeipa.ansible_freeipa.ipavault:
    ipaadmin_password: SomeADMINpassword
    name: asymvault
    username: user01
    description: An asymmetric vault
    vault_type: asymmetric
    public_key: |
      LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlHZk1BMEdDU3FHU0liM0RRRUJBUVVBQTR
      HTkFEQ0JpUUtCZ1FDdGFudjRkK3ptSTZ0T3ova1RXdGowY3AxRAowUENoYy8vR0pJMTUzTi
      9CN3UrN0h3SXlRVlZoNUlXZG1UcCtkWXYzd09yeVpPbzYvbHN5eFJaZ2pZRDRwQ3VGCjlxM
      295VTFEMnFOZERYeGtSaFFETXBiUEVSWWlHbE1jbzdhN0hIVDk1bGNQbmhObVFkb3VGdHlV
      bFBUVS96V1kKZldYWTBOeU1UbUtoeFRseUV3SURBUUFCCi0tLS0tRU5EIFBVQkxJQyBLRVk
      tLS0tLQo=

# Ensure data is archived in an asymmetric vault
- freeipa.ansible_freeipa.ipavault:
    ipaadmin_password: SomeADMINpassword
    name: asymvault
    username: admin
    data: >
      Data archived.
      More data archived.
    action: member

# Retrieve data archived in an asymmetric vault, using a private key file.
- freeipa.ansible_freeipa.ipavault:
    ipaadmin_password: SomeADMINpassword
    name: asymvault
    username: admin
    private_key_file: private.pem
    state: retrieved

# Ensure asymmetric vault is absent.
- freeipa.ansible_freeipa.ipavault:
    ipaadmin_password: SomeADMINpassword
    name: asymvault
    username: user01
    vault_type: asymmetric
    state: absent
```
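As an added example (not from the collection's own documentation), the following playbook retrieves a secret from a symmetric vault without the vault password or the retrieved data appearing in task output or logs: the vault password is read from a file (password_file) and the secret is written directly to a file (out) instead of being registered and printed. The host group, the file paths and the vault name symvault are assumptions.

```yaml
---
- name: Retrieve a symmetric vault secret to a file without logging it
  hosts: ipaserver
  become: true
  vars_prompt:
    - name: ipaadmin_password
      prompt: IPA admin password
      private: true
  tasks:
    # Assumed paths: /root/.symvault-pass holds the vault password and
    # /root/symvault.out receives the secret. No 'register', so the data
    # never enters a fact or the play output; no_log hides the arguments.
    - name: Retrieve data from symvault into a file
      freeipa.ansible_freeipa.ipavault:
        ipaadmin_password: "{{ ipaadmin_password }}"
        name: symvault
        username: admin
        password_file: /root/.symvault-pass
        out: /root/symvault.out
        state: retrieved
      no_log: true

    # Tighten permissions on the file the module just wrote.
    - name: Restrict permissions on the retrieved secret
      ansible.builtin.file:
        path: /root/symvault.out
        owner: root
        group: root
        mode: "0600"
```

The same pattern applies to an asymmetric vault by replacing password_file with private_key_file.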
Parameters

- in (str; alias: datafile_in): Path to file with data to be stored in the vault.
- out (str; alias: datafile_out): Path to file to store data retrieved from the vault.
- data (str; aliases: ipavaultdata, vault_data): Data to be stored in the vault.
- name (list of str, required; alias: cn): The vault name.
- state (str; choices: present, absent, retrieved; default: present): State to ensure.
- users (list of str): Users that are members of the vault.
- action (str; choices: vault, data, member; default: vault): Work on vault or member level.
- groups (list of str): Groups that are members of the vault.
- owners (list of str; alias: ownerusers): Users that are owners of the vault.
- shared (bool): Vault is shared.
- service (str): Any service can own one or more service vaults.
- password (str; aliases: ipavaultpassword, vault_password, old_password): Password to be used on a symmetric vault.
- services (list of str): Services that are members of the container.
- username (str; alias: user): Any user can own one or more user vaults.
- vault_salt (str; aliases: ipavaultsalt, salt): Vault salt.
- vault_type (str; alias: ipavaulttype; choices: standard, symmetric, asymmetric): Vault types are based on security level.
- description (str): The vault description.
- ownergroups (list of str): Groups that are owners of the vault.
- private_key (str; aliases: ipavaultprivatekey, vault_private_key): Base64-encoded private key.
- new_password (str): New password to be used on a symmetric vault.
- ownerservices (list of str): Services that are owners of the vault.
- password_file (str; aliases: vault_password_file, old_password_file): File with the password to be used on a symmetric vault.
- ipaapi_context (str; choices: server, client): The context in which the module will execute. Executing in a server context is preferred. If not provided, the context will be determined by the execution environment.
- private_key_file (str; alias: vault_private_key_file): Path to file with private key.
- vault_public_key (str; aliases: ipavaultpublickey, public_key, new_public_key): Base64-encoded public key.
- ipaadmin_password (str): The admin password.
- ipaapi_ldap_cache (bool; default: true): Use LDAP cache for IPA connection.
- new_password_file (str): File with the new password to be used on a symmetric vault.
- ipaadmin_principal (str; default: admin): The admin principal.
- vault_public_key_file (str; aliases: public_key_file, new_public_key_file): Path to file with public key.
Return Values

- vault (dict; returned if state is `retrieved`): Vault dict with archived data.
  - data (str; returned always): The vault data.