azure.azcollection.azure_rm_keyvaultsecret – Use Azure KeyVault Secrets¶
This plugin is part of the azure.azcollection collection (version 1.4.0).
To install it use:
ansible-galaxy collection install azure.azcollection.
To use it in a playbook, specify:
New in version 0.1.2: of azure.azcollection
Create or delete a secret within a given keyvault.
By using Key Vault, you can encrypt keys and secrets.
Such as authentication keys, storage account keys, data encryption keys, .PFX files, and passwords.
The below requirements are needed on the host that executes this module.
python >= 2.7
azure >= 2.0.0
For authentication with Azure you can pass parameters, set environment variables, use a profile stored in ~/.azure/credentials, or log in before you run your tasks or playbook with
Authentication is also possible using a service principal or Active Directory user.
To authenticate via service principal, pass subscription_id, client_id, secret and tenant or set environment variables AZURE_SUBSCRIPTION_ID, AZURE_CLIENT_ID, AZURE_SECRET and AZURE_TENANT.
To authenticate via Active Directory user, pass ad_user and password, or set AZURE_AD_USER and AZURE_PASSWORD in the environment.
Alternatively, credentials can be stored in ~/.azure/credentials. This is an ini file containing a [default] section and the following keys: subscription_id, client_id, secret and tenant or subscription_id, ad_user and password. It is also possible to add additional profiles. Specify the profile by passing profile or setting AZURE_PROFILE in the environment.
- name: Create a secret azure_rm_keyvaultsecret: secret_name: MySecret secret_value: My_Pass_Sec keyvault_uri: https://contoso.vault.azure.net/ tags: testing: testing delete: never - name: Delete a secret azure_rm_keyvaultsecret: secret_name: MySecret keyvault_uri: https://contoso.vault.azure.net/ state: absent
Common return values are documented here, the following are the fields unique to this module:
Current state of the secret.
Secret resource path.