vault¶
Collection Note
This module is part of the ansible.builtin collection. To install the collection, use:
Added in version2.12.
Synopsis¶
- Put your information into an encrypted Ansible Vault.
Parameters¶
| Parameter | Defaults / Choices | Comments |
|---|---|---|
| _input string required |
Data to vault. | |
| salt string |
Encryption salt, will be random if not provided. While providing one makes the resulting encrypted string reproducible, it can lower the security of the vault. |
|
| secret string required |
Vault secret, the key that lets you open the vault. | |
| vault_id string |
Default: filter_default |
Secret identifier, used internally to try to best match a secret when multiple are provided. |
| wrap_object bool |
This toggle can force the return of an C(AnsibleVaultEncryptedUnicode) string object, when V(False), you get a simple string. Mostly useful when combining with the C(to_yaml) filter to output the 'inline vault' format. |
Examples¶
# simply encrypt my key in a vault
vars:
myvaultedkey: "{{ keyrawdata|vault(passphrase) }} "
- name: save templated vaulted data
template: src=dump_template_data.j2 dest=/some/key/vault.txt
vars:
mysalt: '{{2**256|random(seed=inventory_hostname)}}'
template_data: '{{ secretdata|vault(vaultsecret, salt=mysalt) }}'
Return Values¶
| Key | Data Type | Description | Returned |
|---|---|---|---|
| _value | string | The vault string that contains the secret data (or C(AnsibleVaultEncryptedUnicode) string object). |
Authors¶
- Brian Coca (@bcoca)