Documentation

crypttab - Encrypted Linux block devices

New in version 1.9.

Synopsis

  • Control Linux encrypted block devices that are set up during system boot in /etc/crypttab.

Options

parameter required default choices comments
backing_device
no
Path to the underlying block device or file, or the UUID of a block-device prefixed with UUID=
name
yes
Name of the encrypted block device as it appears in the /etc/crypttab file, or optionaly prefixed with /dev/mapper/, as it appears in the filesystem. /dev/mapper/ will be stripped from name.
opts
no
A comma-delimited list of options. See crypttab(5 ) for details.
password
no none
Encryption password, the path to a file containing the password, or 'none' or '-' if the password should be entered at boot.
path
no /etc/crypttab
Path to file to use instead of /etc/crypttab. This might be useful in a chroot environment.
state
yes
  • present
  • absent
  • opts_present
  • opts_absent
Use present to add a line to /etc/crypttab or update it's definition if already present. Use absent to remove a line with matching name. Use opts_present to add options to those already present; options with different values will be updated. Use opts_absent to remove options from the existing set.

Examples

# Since column is a special character in YAML, if your string contains a column, it's better to use quotes around the string
- name: Set the options explicitly a device which must already exist
  crypttab:
    name: luks-home
    state: present
    opts: 'discard,cipher=aes-cbc-essiv:sha256'

- name: Add the 'discard' option to any existing options for all devices
  crypttab:
    name: '{{ item.device }}'
    state: opts_present
    opts: discard
  with_items: '{{ ansible_mounts }}'
  when: "'/dev/mapper/luks-' in {{ item.device }}"

Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

Support

This module is community maintained without core committer oversight.

For more information on what this means please read Module Support

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Helping Testing PRs and Developing Modules.