freeipa / freeipa.ansible_freeipa / 1.8.4 / module / ipavault Manage vaults and secret vaults. Authors: Rafael Jeffman preview | supported by communityfreeipa.ansible_freeipa.ipavault (1.8.4) — module
Install with ansible-galaxy collection install freeipa.ansible_freeipa:==1.8.4
collections: - name: freeipa.ansible_freeipa version: 1.8.4
Manage vaults and secret vaults. KRA service must be enabled.
# Ensure vault symvault is present
# The passwords below are sample values; in a real playbook supply them from
# a vaulted variable or via password_file rather than as literals.
- freeipa.ansible_freeipa.ipavault:
    ipaadmin_password: SomeADMINpassword
    name: symvault
    username: admin
    vault_type: symmetric
    password: SomeVAULTpassword
    salt: MTIzNDU2Nzg5MAo=
# Ensure group ipausers is a vault member.
- freeipa.ansible_freeipa.ipavault:
    ipaadmin_password: SomeADMINpassword
    name: symvault
    username: admin
    groups: ipausers
    action: member
# Ensure group ipausers is not a vault member.
- freeipa.ansible_freeipa.ipavault:
    ipaadmin_password: SomeADMINpassword
    name: symvault
    username: admin
    groups: ipausers
    action: member
    state: absent
# Ensure vault users are present.
- freeipa.ansible_freeipa.ipavault:
    ipaadmin_password: SomeADMINpassword
    name: symvault
    username: admin
    users:
      - user01
      - user02
    action: member
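# Ensure vault users are absent.
# Fixed: the original used `status: absent`, which is not a documented
# parameter of this module; without `state: absent` the task would fall
# back to the default state (present) and add the members instead.
- freeipa.ansible_freeipa.ipavault:
    ipaadmin_password: SomeADMINpassword
    name: symvault
    username: admin
    users:
      - user01
      - user02
    action: member
    state: absent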
# Ensure user owns vault.
- freeipa.ansible_freeipa.ipavault:
    ipaadmin_password: SomeADMINpassword
    name: symvault
    username: admin
    action: member
    owners: user01
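# Ensure user does not own vault.
# Fixed: the original used `status: absent`, which is not a documented
# parameter of this module; the intended key is `state`, as in the other
# "absent" examples. Without it the task would keep the default state
# (present) and grant ownership rather than revoke it.
- freeipa.ansible_freeipa.ipavault:
    ipaadmin_password: SomeADMINpassword
    name: symvault
    username: admin
    owners: user01
    action: member
    state: absent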
# Ensure data is archived to a symmetric vault
- freeipa.ansible_freeipa.ipavault:
    ipaadmin_password: SomeADMINpassword
    name: symvault
    username: admin
    password: SomeVAULTpassword
    # Folded scalar: the two lines become one line of archived data.
    data: >
      Data archived.
      More data archived.
    action: member
# Retrieve data archived from a symmetric vault
- freeipa.ansible_freeipa.ipavault:
    ipaadmin_password: SomeADMINpassword
    name: symvault
    username: admin
    password: SomeVAULTpassword
    state: retrieved
  register: result

# The retrieved secret is available as result.vault.data. Printing it with
# debug puts it into the run output; keep this for demonstration only.
- debug:
    msg: "{{ result.vault.data }}"
# Change password of a symmetric vault
# old_password is an alias of password; new_password_file is the
# file-based alternative to a literal new_password.
- freeipa.ansible_freeipa.ipavault:
    ipaadmin_password: SomeADMINpassword
    name: symvault
    username: admin
    old_password: SomeVAULTpassword
    new_password: SomeNEWpassword
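# Ensure vault symvault is absent
# `user` is a documented alias of `username`; the canonical name is used
# here for consistency with the other examples.
- freeipa.ansible_freeipa.ipavault:
    ipaadmin_password: SomeADMINpassword
    name: symvault
    username: admin
    state: absent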
# Ensure asymmetric vault is present.
# public_key is the base64-encoded PEM public key; public_key_file can be
# used instead to read it from a file. Only the public half is needed to
# create the vault and archive data.
- freeipa.ansible_freeipa.ipavault:
    ipaadmin_password: SomeADMINpassword
    name: asymvault
    username: user01
    description: An asymmetric vault
    vault_type: asymmetric
    public_key: |
      LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlHZk1BMEdDU3FHU0liM0RRRUJBUVVBQTR
      HTkFEQ0JpUUtCZ1FDdGFudjRkK3ptSTZ0T3ova1RXdGowY3AxRAowUENoYy8vR0pJMTUzTi
      9CN3UrN0h3SXlRVlZoNUlXZG1UcCtkWXYzd09yeVpPbzYvbHN5eFJaZ2pZRDRwQ3VGCjlxM
      295VTFEMnFOZERYeGtSaFFETXBiUEVSWWlHbE1jbzdhN0hIVDk1bGNQbmhObVFkb3VGdHlV
      bFBUVS96V1kKZldYWTBOeU1UbUtoeFRseUV3SURBUUFCCi0tLS0tRU5EIFBVQkxJQyBLRVk
      tLS0tLQo=
# Ensure data is archived in an asymmetric vault
- freeipa.ansible_freeipa.ipavault:
    ipaadmin_password: SomeADMINpassword
    name: asymvault
    username: admin
    # Folded scalar: the two lines become one line of archived data.
    data: >
      Data archived.
      More data archived.
    action: member
# Retrieve data archived in an asymmetric vault, using a private key file.
# Retrieval needs the private key; referencing it by file keeps the key
# material out of the playbook text.
- freeipa.ansible_freeipa.ipavault:
    ipaadmin_password: SomeADMINpassword
    name: asymvault
    username: admin
    private_key_file: private.pem
    state: retrieved
# Ensure asymmetric vault is absent.
- freeipa.ansible_freeipa.ipavault:
    ipaadmin_password: SomeADMINpassword
    name: asymvault
    username: user01
    vault_type: asymmetric
    state: absent
# Module options as published for ipavault 1.8.4. Values are reproduced
# verbatim; only the layout has been expanded from the rendered page.
in:
  aliases:
    - datafile_in
  description: Path to file with data to be stored in the vault.
  required: false
  type: string
out:
  aliases:
    - datafile_out
  description: Path to file to store data retrieved from the vault.
  required: false
  type: string
data:
  aliases:
    - ipavaultdata
    - vault_data
  description: Data to be stored in the vault.
  required: false
  type: string
name:
  aliases:
    - cn
  description: The vault name
  required: true
salt:
  aliases:
    - ipavaultsalt
    - vault_salt
  description: Vault salt.
  required: false
  # NOTE(review): documented as a list, yet the example passes a single
  # base64 string — confirm against the module's argument spec.
  type: list
state:
  choices:
    - present
    - absent
    - retrieved
  default: present
  description: State to ensure
users:
  description: Users that are member of the vault.
  required: false
  type: list
action:
  choices:
    - vault
    - member
  default: vault
  description: Work on vault or member level.
groups:
  description: Groups that are member of the vault.
  required: false
  type: list
owners:
  aliases:
    - ownerusers
  description: Users that are owners of the vault.
  required: false
  type: list
shared:
  description: Vault is shared.
  required: false
  # NOTE(review): spelled "boolean" here but "bool" for ipaapi_ldap_cache;
  # same meaning, inconsistent spelling.
  type: boolean
service:
  description: Any service can own one or more service vaults.
  required: false
  type: list
password:
  aliases:
    - ipavaultpassword
    - vault_password
    - old_password
  description: password to be used on symmetric vault.
  required: false
  # A literal here ends up in the playbook source; password_file or a
  # variable sourced from a secret store keeps it out of version control.
  type: string
services:
  # NOTE(review): "container" presumably means the vault — confirm wording.
  description: Services that are member of the container.
  required: false
  type: list
username:
  aliases:
    - user
  description: Any user can own one or more user vaults.
  required: false
  type: string
public_key:
  aliases:
    - ipavaultpublickey
    - vault_public_key
  description: Base64 encode public key.
  required: false
  type: string
vault_type:
  aliases:
    - ipavaulttype
  choices:
    - standard
    - symmetric
    - asymmetric
  default: symmetric
  description: Vault types are based on security level.
  # NOTE(review): listed as required although a default is given and the
  # member/absent examples omit it — confirm.
  required: true
description:
  description: The vault description
  required: false
ownergroups:
  description: Groups that are owners of the vault.
  required: false
  type: list
private_key:
  aliases:
    - ipavaultprivatekey
    - vault_private_key
  description: Base64 encode private key.
  required: false
  # Prefer private_key_file so the key material is not embedded in the
  # playbook text.
  type: string
new_password:
  description: new password to be used on symmetric vault.
  required: false
  type: string
ownerservices:
  description: Services that are owners of the vault.
  required: false
  type: list
password_file:
  aliases:
    - vault_password_file
    - old_password_file
  description: file with password to be used on symmetric vault.
  required: false
  type: string
ipaapi_context:
  choices:
    - server
    - client
  description: 'The context in which the module will execute. Executing in a server context is preferred. If not provided context will be determined by the execution environment. '
  required: false
public_key_file:
  aliases:
    - vault_public_key_file
  description: Path to file with public key.
  required: false
  type: string
private_key_file:
  aliases:
    - vault_private_key_file
  description: Path to file with private key.
  required: false
  type: string
ipaadmin_password:
  description: The admin password.
  required: false
ipaapi_ldap_cache:
  default: true
  description: Use LDAP cache for IPA connection.
  type: bool
new_password_file:
  description: file with new password to be used on symmetric vault.
  required: false
  type: string
ipaadmin_principal:
  default: admin
  description: The admin principal.
# Return values. `vault.data` carries the decrypted secret when
# state is `retrieved`, so treat the registered result as sensitive.
vault:
  description: Vault dict with archived data.
  options:
    data:
      description: The vault data.
      returned: always
      type: string
  returned: If state is `retrieved`.
  type: dict