Try SpotterManages secrets
Authors: GCore (@GCore)
Install with ansible-galaxy collection install gcore.cloud:==1.0.1
collections:
- name: gcore.cloud
version: 1.0.1Create or delete secret
- name: Create new secret
gcore.cloud.secret:
api_key: "{{ api_key }}"
region_id: "{{ region_id }}"
project_id: "{{ project_id }}"
command: create
expiration: "2025-12-28T19:14:44.180394"
name: "AES key"
payload: {
'certificate': '<certificate>',
'private_key': '<private_key>',
'certificate_chain': '<certificate_chain>'
}
- name: Delete secret
gcore.cloud.secret:
api_key: "{{ api_key }}"
region_id: "{{ region_id }}"
project_id: "{{ project_id }}"
comamnd: delete
secret_id: "{{ secret_id }}"
name:
description:
- Secret name
- Required if I(command) is create
required: false
type: str
api_key:
description:
- GCore API auth key
- Can be passed as I(CLOUD_API_KEY) environment variable.
type: str
command:
choices:
- create
- delete
description:
- Operation to perform.
required: true
type: str
payload:
description:
- Secret payload.
- Contains certificate, private_key and certificate_chain fields
- Required if I(command) is create
required: false
type: dict
api_host:
default: https://api.gcore.com/cloud
description:
- GCore API base host
- Can be passed as I(CLOUD_API_HOST) environment variable.
type: str
region_id:
description:
- GCore API region ID
- Required if I(region_name) is not passed
- Can be passed as I(CLOUD_REGION_ID) environment variable.
type: int
secret_id:
description:
- Secret ID.
- Required if I(command) is delete
required: false
type: str
expiration:
description:
- Datetime when the secret will expire.
- Used if I(command) is create
required: false
type: str
project_id:
description:
- GCore API project ID
- Required if I(project_name) is not passed
- Can be passed as I(CLOUD_PROJECT_ID) environment variable.
type: int
api_timeout:
default: 30
description:
- Timeout in seconds to polling GCore API
type: int
region_name:
description:
- GCore API region name
- Required if I(region_id) is not passed
- Can be passed as I(CLOUD_REGION_NAME) environment variable.
type: str
project_name:
description:
- GCore API project name
- Required if I(project_id) is not passed
- Can be passed as I(CLOUD_PROJECT_NAME) environment variable.
type: str
secret:
contains:
algorithm:
description: Metadata provided by a user or system for informational purposes
returned: always
sample: aes
type: str
bit_length:
description: Metadata provided by a user or system for informational purposes
returned: always
sample: 256
type: int
content_types:
description: Describes the content-types that can be used to retrieve the payload
returned: always
sample:
default: application/octet-stream
type: dict
created:
description: Datetime when the secret was created
returned: always
sample: '2023-03-23T20:00:00+00:00'
type: str
expiration:
description: Datetime when the secret will expire
returned: always
sample: '2023-06-23T20:00:00+00:00'
type: str
id:
description: Secret ID
returned: always
sample: bfc7824b-31b6-4a28-a0c4-7df137139215
type: str
mode:
description: Metadata provided by a user or system for informational purposes
returned: always
sample: cbc
type: str
name:
description: Secret name
returned: always
sample: AES key
type: str
secret_type:
description: Secret type, base64 encoded.
returned: always
sample: opaque
type: str
status:
description: Status
returned: always
sample: ACTIVE
type: str
description:
- Response depends of I(command).
- Resource dictionary.
returned: always
type: complex