Documentation

passwordstore - manage passwords with passwordstore.org’s pass utility

New in version 2.3.

Synopsis

  • Enables Ansible to retrieve, create or update passwords from the passwordstore.org pass utility. It also retrieves YAML style keys stored as multilines in the passwordfile.

Parameters

Parameter
Choices/Defaults
Configuration
Comments
_terms
required
query key
create
Default:
no
flag to create the password
directory
Default:
None
env:PASSWORD_STORE_DIR
directory of the password store
length
Default:
16
password length
overwrite
Default:
no
flag to overwrite the password
passwordstore
Default:
~/.password-store
location of the password store
returnall
Default:
no
flag to return all the contents of the password store
subkey
Default:
password
subkey to return
userpass
user password

Examples

# Debug is used for examples, BAD IDEA to show passwords on screen
- name: Basic lookup. Fails if example/test doesn't exist
  debug: msg="{{ lookup('passwordstore', 'example/test')}}"

- name: Create pass with random 16 character password. If password exists just give the password
  debug: var=mypassword
  vars:
    mypassword: "{{ lookup('passwordstore', 'example/test create=true')}}"

- name: Different size password
  debug: msg="{{ lookup('passwordstore', 'example/test create=true length=42')}}"

- name: Create password and overwrite the password if it exists. As a bonus, this module includes the old password inside the pass file
  debug: msg="{{ lookup('passwordstore', 'example/test create=true overwrite=true')}}"

- name: Return the value for user in the KV pair user, username
  debug: msg="{{ lookup('passwordstore', 'example/test subkey=user')}}"

- name: Return the entire password file content
  set_fact: passfilecontent="{{ lookup('passwordstore', 'example/test returnall=true')}}"

Return Values

Common return values are documented here, the following are the fields unique to this lookup:

Key
Returned
Description
_raw
a password



Status

Author

Hint

If you notice any issues in this documentation you can edit this document <https://github.com/ansible/ansible/edit/devel/lib/ansible/plugins/lookup/passwordstore.py_ to improve it.