Note
This module is part of ansible-base
and included in all Ansible installations. In most cases, you can use the short module name password even without specifying the collections:
keyword. Despite that, we recommend you use the FQCN for easy linking to the module documentation and to avoid conflicting with other collections that may have the same module name.
New in version 1.1: of ansible.builtin
"{{ inventory_hostname }}"
in the filepath can be used to set up random passwords per host, which simplifies password management in "host_vars"
variables.Parameter | Choices/Defaults | Configuration | Comments |
---|---|---|---|
_terms string / required | path to the file that stores/will store the passwords | ||
chars string added in 1.4 of ansible.builtin | Define comma separated list of names that compose a custom character set in the generated passwords. By default generated passwords contain a random mix of upper and lowercase ASCII letters, the numbers 0-9 and punctuation (". , : - _"). They can be either parts of Python's string module attributes (ascii_letters,digits, etc) or are used literally ( :, -). To enter comma use two commas ',,' somewhere - preferably at the end. Quotes and double quotes are not supported. | ||
encrypt string | Which hash scheme to encrypt the returning password, should be one hash scheme from passlib.hash; md5_crypt, bcrypt, sha256_crypt, sha512_crypt
If not provided, the password will be returned in plain text. Note that the password is always stored as plain text, only the returning password is encrypted. Encrypt also forces saving the salt value for idempotence. Note that before 2.6 this option was incorrectly labeled as a boolean for a long time. | ||
length integer | Default: 20 | The length of the generated password. |
Note
- name: create a mysql user with a random password mysql_user: name: "{{ client }}" password: "{{ lookup('password', 'credentials/' + client + '/' + tier + '/' + role + '/mysqlpassword length=15') }}" priv: "{{ client }}_{{ tier }}_{{ role }}.*:ALL" - name: create a mysql user with a random password using only ascii letters mysql_user: name: "{{ client }}" password: "{{ lookup('password', '/tmp/passwordfile chars=ascii_letters') }}" priv: '{{ client }}_{{ tier }}_{{ role }}.*:ALL' - name: create a mysql user with an 8 character random password using only digits mysql_user: name: "{{ client }}" password: "{{ lookup('password', '/tmp/passwordfile length=8 chars=digits') }}" priv: "{{ client }}_{{ tier }}_{{ role }}.*:ALL" - name: create a mysql user with a random password using many different char sets mysql_user: name: "{{ client }}" password: "{{ lookup('password', '/tmp/passwordfile chars=ascii_letters,digits,hexdigits,punctuation') }}" priv: "{{ client }}_{{ tier }}_{{ role }}.*:ALL"
Common return values are documented here, the following are the fields unique to this lookup:
Key | Returned | Description |
---|---|---|
_raw list / elements=string | success | a password |
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/ansible/builtin/password_lookup.html