Current File : //lib/python3.9/site-packages/ansible/plugins/filter/vault.yml
DOCUMENTATION:
name: vault
author: Brian Coca (@bcoca)
version_added: "2.12"
short_description: vault your secrets
description:
- Put your information into an encrypted Ansible Vault.
positional: secret
options:
_input:
description: Data to vault.
type: string
required: true
secret:
description: Vault secret, the key that lets you open the vault.
type: string
required: true
salt:
description:
- Encryption salt, will be random if not provided.
- While providing one makes the resulting encrypted string reproducible, it can lower the security of the vault.
type: string
vault_id:
description: Secret identifier, used internally to try to best match a secret when multiple are provided.
type: string
default: 'filter_default'
wrap_object:
description:
- This toggle can force the return of an C(AnsibleVaultEncryptedUnicode) string object, when C(False), you get a simple string.
- Mostly useful when combining with the C(to_yaml) filter to output the 'inline vault' format.
type: bool
default: False
EXAMPLES: |
# simply encrypt my key in a vault
vars:
myvaultedkey: "{{ keyrawdata|vault(passphrase) }} "
- name: save templated vaulted data
template: src=dump_template_data.j2 dest=/some/key/vault.txt
vars:
mysalt: '{{2**256|random(seed=inventory_hostname)}}'
template_data: '{{ secretdata|vault(vaultsecret, salt=mysalt) }}'
RETURN:
_value:
description: The vault string that contains the secret data (or C(AnsibleVaultEncryptedUnicode) string object).
type: string
Mini Shell