masterlittle.google.gsm (1.0.9) — lookup

Look up secrets stored in Google Secrets Manager.

Authors: Shitij Goyal<goyalshitij@gmail.com>

Install collection

Install with ansible-galaxy collection install masterlittle.google:==1.0.9


Add to requirements.yml

  collections:
    - name: masterlittle.google
      version: 1.0.9

Description

Look up secrets stored in Google Secrets Manager provided the caller has the appropriate permissions to read the secret.

Lookup is based on the secret's I(Name) value.

Optional parameters can be passed into this lookup; I(version_id)


Requirements

Usage examples

1
  • Error
    Use a fully-qualified name, such as 'ansible.builtin.debug' instead of 'debug'.
1
  • Hint
    Inline module parameters used in module 'debug' also use Jinja expression. Will not be checked further.
 - name: lookup secretsmanager secret in the current region
   debug: msg="{{ lookup('masterlittle.google.gsm','/path/to/secrets', project_id='project-id') }}"
1
  • Error
    Use a fully-qualified name, such as 'ansible.builtin.debug' instead of 'debug'.
1
  • Hint
    Inline module parameters used in module 'debug' also use Jinja expression. Will not be checked further.
 - name: skip if secret does not exist
   debug: msg="{{ lookup('masterlittle.google.gsm', 'secret-not-exist', project_id='project-id', on_missing='skip')}}"
1
  • Error
    Use a fully-qualified name, such as 'ansible.builtin.debug' instead of 'debug'.
1
  • Hint
    Inline module parameters used in module 'debug' also use Jinja expression. Will not be checked further.
 - name: warn if access to the secret is denied
   debug: msg="{{ lookup('masterlittle.google.gsm', 'secret-denied', project_id='project-id', on_denied='warn')}}"
1
  • Error
    Use a fully-qualified name, such as 'ansible.builtin.debug' instead of 'debug'.
1
  • Hint
    Inline module parameters used in module 'debug' also use Jinja expression. Will not be checked further.
 - name: lookup secretsmanager secret in the current region using the nested feature
   debug: msg="{{ lookup('masterlittle.google.gsm', 'secrets.environments.production.password', project_id='project-id', nested=true) }}"

Inputs

    
join:
    default: false
    description:
    - Join two or more entries to form an extended secret.
    type: boolean

_terms:
    description: Name of the secret to look up in Google Secrets Manager.
    required: true

nested:
    default: false
    description: A boolean to indicate the secret contains nested values.
    type: boolean
    version_added: 1.0.0
    version_added_collection: masterlittle.google

on_denied:
    choices:
    - error
    - skip
    - warn
    default: error
    description:
    - Action to take if access to the secret is denied.
    - C(error) will raise a fatal error when access to the secret is denied.
    - C(skip) will silently ignore the denied secret.
    - C(warn) will skip over the denied secret but issue a warning.
    type: string

on_missing:
    choices:
    - error
    - skip
    - warn
    default: error
    description:
    - Action to take if the secret is missing.
    - C(error) will raise a fatal error when the secret is missing.
    - C(skip) will silently ignore the missing secret.
    - C(warn) will skip over the missing secret but issue a warning.
    type: string

project_id:
    description: The project ID in which the secrets reside
    required: true

version_id:
    description: Version of the secret(s).
    required: false

Outputs

_raw:
  description: Returns the value of the secret stored in Google Secrets Manager.