Note
This lookup plugin is part of the community.general collection (version 10.7.3).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install community.general. You need further requirements to be able to use this lookup plugin, see Requirements for details.
To use it in a playbook, specify: community.general.onepassword_raw.
op command line utility to fetch an entire item from 1Password.The below requirements are needed on the local controller node that executes this lookup.
op 1Password command line utilityParameter | Comments |
|---|---|
Terms list / elements=string / required | Identifier(s) (case-insensitive UUID or name) of item(s) to retrieve. |
This describes keyword parameters of the lookup. These are the values key1=value1, key2=value2 and so on in the following examples: lookup('community.general.onepassword_raw', key1=value1, key2=value2, ...) and query('community.general.onepassword_raw', key1=value1, key2=value2, ...)
Parameter | Comments |
|---|---|
account_id string added in community.general 7.5.0 | The account ID to target. |
connect_host string added in community.general 8.1.0 | The host for 1Password Connect. Must be used in combination with Configuration:
|
connect_token string added in community.general 8.1.0 | The token for 1Password Connect. Must be used in combination with Configuration:
|
domain string added in community.general 6.0.0 | Domain of 1Password. Default: |
master_password aliases: vault_password string | The password used to unlock the specified vault. |
secret_key string | The secret key used when performing an initial sign in. |
section string | Item section containing the field to retrieve (case-insensitive). If absent will return first match from any section. |
service_account_token string added in community.general 7.1.0 | The access key for a service account. Only works with 1Password CLI version 2 or later. Configuration:
|
subdomain string | The 1Password subdomain to authenticate against. |
username string | The username used to sign in. |
vault string | Vault containing the item to retrieve (case-insensitive). If absent will search all vaults. |
Note
lookup('community.general.onepassword_raw', term1, term2, key1=value1, key2=value2) and query('community.general.onepassword_raw', term1, term2, key1=value1, key2=value2)
~/.op/config, ~/.config/op/config or ~/.config/.op/config exists), then only the master_password is required. You may optionally specify subdomain in this scenario, otherwise the last used subdomain will be used by op.subdomain, username, secret_key, and master_password.account_id.op version 2.7.2.---
- name: Retrieve all data about Wintermute
ansible.builtin.debug:
var: lookup('community.general.onepassword_raw', 'Wintermute')
- name: Retrieve all data about Wintermute when not signed in to 1Password
ansible.builtin.debug:
var: lookup('community.general.onepassword_raw', 'Wintermute', subdomain='Turing', vault_password='DmbslfLvasjdl')
Key | Description |
|---|---|
Return value list / elements=dictionary | Entire item requested. Returned: success |
© 2012–2018 Michael DeHaan
© 2018–2025 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/community/general/onepassword_raw_lookup.html