amazon.aws.aws_secret – Look up secrets stored in AWS Secrets Manager.¶
Note
This plugin is part of the amazon.aws collection (version 1.4.0).
To install it use: ansible-galaxy collection install amazon.aws
.
To use it in a playbook, specify: amazon.aws.aws_secret
.
Synopsis¶
Look up secrets stored in AWS Secrets Manager provided the caller has the appropriate permissions to read the secret.
Lookup is based on the secret’s Name value.
Optional parameters can be passed into this lookup; version_id and version_stage
Requirements¶
The below requirements are needed on the local controller node that executes this lookup.
boto3
botocore>=1.10.0
Parameters¶
Examples¶
- name: lookup secretsmanager secret in the current region
debug: msg="{{ lookup('amazon.aws.aws_secret', '/path/to/secrets', bypath=true) }}"
- name: Create RDS instance with aws_secret lookup for password param
rds:
command: create
instance_name: app-db
db_engine: MySQL
size: 10
instance_type: db.m1.small
username: dbadmin
password: "{{ lookup('amazon.aws.aws_secret', 'DbSecret') }}"
tags:
Environment: staging
- name: skip if secret does not exist
debug: msg="{{ lookup('amazon.aws.aws_secret', 'secret-not-exist', on_missing='skip')}}"
- name: warn if access to the secret is denied
debug: msg="{{ lookup('amazon.aws.aws_secret', 'secret-denied', on_denied='warn')}}"
- name: lookup secretsmanager secret in the current region using the nested feature
debug: msg="{{ lookup('amazon.aws.aws_secret', 'secrets.environments.production.password', nested=true) }}"
# The secret can be queried using the following syntax: `aws_secret_object_name.key1.key2.key3`.
# If an object is of the form `{"key1":{"key2":{"key3":1}}}` the query would return the value `1`.
Return Values¶
Common return values are documented here, the following are the fields unique to this lookup:
Key | Returned | Description |
---|---|---|
_raw
string
|
success |
Returns the value of the secret stored in AWS Secrets Manager.
|
Authors¶
Aaron Smith <ajsmith10381@gmail.com>