Sig-I/O (Berichten over ansible)https://sig-io.nl/nlContents © 2024 <a href="mailto:mark@sig-io.nl">Mark Janssen</a> Sun, 21 Jul 2024 15:45:31 GMTNikola (getnikola.com)http://blogs.law.harvard.edu/tech/rssRead passwords from the 'pass' passwordstore into ansiblehttps://sig-io.nl/nl/posts/read-passwords-from-the-pass-passwordstore-into-ansible/Mark Janssen<p><a class="reference external" href="http://ansible.com">Ansible</a> is a great orchestration-tool, and while it has it’s own secure password storage system (<a class="reference external" href="https://docs.ansible.com/ansible/2.4/vault.html">Vault</a>), I prefer to use ‘pass’ from <a class="reference external" href="http://passwordstore.org">http://passwordstore.org</a></p> <p>There is no specific ‘pass’ plugin for ansible, but using the ‘pipe’ lookup plugin works quite well</p> <div class="code"><pre class="code yaml"><a id="rest_code_56c622c545104eab9da9434f8a5f1e7b-1" name="rest_code_56c622c545104eab9da9434f8a5f1e7b-1" href="https://sig-io.nl/nl/posts/read-passwords-from-the-pass-passwordstore-into-ansible/#rest_code_56c622c545104eab9da9434f8a5f1e7b-1"></a><span class="nt">tasks</span><span class="p">:</span> <a id="rest_code_56c622c545104eab9da9434f8a5f1e7b-2" name="rest_code_56c622c545104eab9da9434f8a5f1e7b-2" href="https://sig-io.nl/nl/posts/read-passwords-from-the-pass-passwordstore-into-ansible/#rest_code_56c622c545104eab9da9434f8a5f1e7b-2"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Debug</span> <a id="rest_code_56c622c545104eab9da9434f8a5f1e7b-3" name="rest_code_56c622c545104eab9da9434f8a5f1e7b-3" href="https://sig-io.nl/nl/posts/read-passwords-from-the-pass-passwordstore-into-ansible/#rest_code_56c622c545104eab9da9434f8a5f1e7b-3"></a><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">debug</span><span class="p p-Indicator">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">msg={{lookup('pipe', 'pass some/password/i/need') }}</span> </pre></div> <p>This can then be used to store API keys, passwords for various accounts, or other information that needs to remain secret while still being able to share and version your ansible plays.</p> <p>Update 2017: There is now a passwordstore <a class="reference external" href="https://docs.ansible.com/ansible/2.5/plugins/lookup/passwordstore.html">lookup-plugin</a> for ansible</p>https://sig-io.nl/nl/posts/read-passwords-from-the-pass-passwordstore-into-ansible/Tue, 27 Jan 2015 19:26:50 GMT