azure_rm_keyvaultsecret – Use Azure KeyVault Secrets¶
New in version 2.5.
Create or delete a secret within a given keyvault.
By using Key Vault, you can encrypt keys and secrets.
Such as authentication keys, storage account keys, data encryption keys, .PFX files, and passwords.
The below requirements are needed on the host that executes this module.
python >= 2.7
azure >= 2.0.0
For authentication with Azure you can pass parameters, set environment variables, use a profile stored in ~/.azure/credentials, or log in before you run your tasks or playbook with
Authentication is also possible using a service principal or Active Directory user.
To authenticate via service principal, pass subscription_id, client_id, secret and tenant or set environment variables AZURE_SUBSCRIPTION_ID, AZURE_CLIENT_ID, AZURE_SECRET and AZURE_TENANT.
To authenticate via Active Directory user, pass ad_user and password, or set AZURE_AD_USER and AZURE_PASSWORD in the environment.
Alternatively, credentials can be stored in ~/.azure/credentials. This is an ini file containing a [default] section and the following keys: subscription_id, client_id, secret and tenant or subscription_id, ad_user and password. It is also possible to add additional profiles. Specify the profile by passing profile or setting AZURE_PROFILE in the environment.
- Sign in with Azure CLI
How to authenticate using the
- name: Create a secret azure_rm_keyvaultsecret: secret_name: MySecret secret_value: My_Pass_Sec keyvault_uri: https://contoso.vault.azure.net/ tags: testing: testing delete: never - name: Delete a secret azure_rm_keyvaultsecret: secret_name: MySecret keyvault_uri: https://contoso.vault.azure.net/ state: absent
Common return values are documented here, the following are the fields unique to this module:
Current state of the secret.
Secret resource path.
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by the Ansible Community. [community]