azure_rm_keyvaultsecret – Use Azure KeyVault Secrets¶
New in version 2.5.
Synopsis¶
- Create or delete a secret within a given keyvault.
- By using Key Vault, you can encrypt keys and secrets, such as authentication keys, storage account keys, data encryption keys, .PFX files, and passwords.
Requirements¶
The below requirements are needed on the host that executes this module.
- python >= 2.7
- azure >= 2.0.0
Parameters¶
Notes¶
Note
- For authentication with Azure you can pass parameters, set environment variables, use a profile stored in ~/.azure/credentials, or log in before you run your tasks or playbook with az login.
- Authentication is also possible using a service principal or Active Directory user.
- To authenticate via service principal, pass subscription_id, client_id, secret and tenant or set environment variables AZURE_SUBSCRIPTION_ID, AZURE_CLIENT_ID, AZURE_SECRET and AZURE_TENANT.
- To authenticate via Active Directory user, pass ad_user and password, or set AZURE_AD_USER and AZURE_PASSWORD in the environment.
- Alternatively, credentials can be stored in ~/.azure/credentials. This is an ini file containing a [default] section and the following keys: subscription_id, client_id, secret and tenant or subscription_id, ad_user and password. It is also possible to add additional profiles. Specify the profile by passing profile or setting AZURE_PROFILE in the environment.
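The credentials file format described in the last note can be checked before a playbook run. The following Python 3 code is an added example, not part of the module or the original documentation: it parses the ini file, reports profiles that carry neither complete key set, and flags a file mode that lets group or other users read the stored secrets. The function names, finding messages, sample values and the permission check itself are assumptions made for illustration.

```python
import configparser
import os
import stat
import tempfile

# Key sets from the notes above; a profile needs one complete set.
SERVICE_PRINCIPAL = {"subscription_id", "client_id", "secret", "tenant"}
AD_USER = {"subscription_id", "ad_user", "password"}

# Constructed sample: [staging] lacks "password", so it is incomplete.
SAMPLE = """[default]
subscription_id = 00000000-0000-0000-0000-000000000000
client_id = 11111111-1111-1111-1111-111111111111
secret = constructed-placeholder
tenant = 22222222-2222-2222-2222-222222222222
[staging]
subscription_id = 00000000-0000-0000-0000-000000000000
ad_user = user@example.com
"""

def classify_profile(keys):
    """Return the auth mode a profile supports, or None if incomplete."""
    keys = set(keys)
    if SERVICE_PRINCIPAL <= keys:
        return "service_principal"
    return "ad_user" if AD_USER <= keys else None

def audit_credentials(path):
    """Return findings for a credentials ini file: loose mode, bad profiles."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("file mode %04o grants group/other access" % mode)
    parser = configparser.ConfigParser(interpolation=None)  # secrets may contain '%'
    parser.read(path)
    if not parser.has_section("default"):
        findings.append("missing [default] section")
    for name in parser.sections():
        if classify_profile(parser[name].keys()) is None:
            findings.append("profile [%s] has an incomplete key set" % name)
    return findings

def demo():  # audits the constructed sample, written with mode 0644
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "credentials")
        with open(path, "w") as fh:
            fh.write(SAMPLE)
        os.chmod(path, 0o644)
        return audit_credentials(path)
```

To audit a real file, call audit_credentials(os.path.expanduser("~/.azure/credentials")); an empty list means no findings.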
See Also¶
See also
- Sign in with Azure CLI: how to authenticate using the az login command.
Examples¶
- name: Create a secret
  azure_rm_keyvaultsecret:
    secret_name: MySecret
    secret_value: My_Pass_Sec
    keyvault_uri: https://contoso.vault.azure.net/
    tags:
      testing: testing
      delete: never

- name: Delete a secret
  azure_rm_keyvaultsecret:
    secret_name: MySecret
    keyvault_uri: https://contoso.vault.azure.net/
    state: absent
Return Values¶
Common return values are documented here; the following are the fields unique to this module:
Key | Type | Returned | Description
---|---|---|---
state | complex | success | Current state of the secret.
secret_id (within state) | string | | Secret resource path.
Status¶
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors¶
- Ian Philpot (@iphilpot)