Note
This plugin is part of the community.general collection (version 3.8.1).
You might already have this collection installed if you are using the ansible
package. It is not included in ansible-core
. To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.general
.
To use it in a playbook, specify: community.general.credstash
.
The below requirements are needed on the local controller node that executes this lookup.
Parameter | Choices/Defaults | Configuration | Comments |
---|---|---|---|
_terms list / elements=string / required | term or list of terms to lookup in the credit store | ||
aws_access_key_id string | env:AWS_ACCESS_KEY_ID | AWS access key ID | |
aws_secret_access_key string | env:AWS_SECRET_ACCESS_KEY | AWS access key | |
aws_session_token string | env:AWS_SESSION_TOKEN | AWS session token | |
profile_name string | env:AWS_PROFILE | AWS profile to use for authentication | |
region string | AWS region | ||
table string / required | Default: "credential-store" | name of the credstash table to query | |
version string | Credstash version |
- name: first use credstash to store your secrets ansible.builtin.shell: credstash put my-github-password secure123 - name: "Test credstash lookup plugin -- get my github password" ansible.builtin.debug: msg: "Credstash lookup! {{ lookup('community.general.credstash', 'my-github-password') }}" - name: "Test credstash lookup plugin -- get my other password from us-west-1" ansible.builtin.debug: msg: "Credstash lookup! {{ lookup('community.general.credstash', 'my-other-password', region='us-west-1') }}" - name: "Test credstash lookup plugin -- get the company's github password" ansible.builtin.debug: msg: "Credstash lookup! {{ lookup('community.general.credstash', 'company-github-password', table='company-passwords') }}" - name: Example play using the 'context' feature hosts: localhost vars: context: app: my_app environment: production tasks: - name: "Test credstash lookup plugin -- get the password with a context passed as a variable" ansible.builtin.debug: msg: "{{ lookup('community.general.credstash', 'some-password', context=context) }}" - name: "Test credstash lookup plugin -- get the password with a context defined here" ansible.builtin.debug: msg: "{{ lookup('community.general.credstash', 'some-password', context=dict(app='my_app', environment='production')) }}"
Common return values are documented here, the following are the fields unique to this lookup:
Key | Returned | Description |
---|---|---|
_raw string | success | Value(s) stored in Credstash. |
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/community/general/credstash_lookup.html