aws_secret – Look up secrets stored in AWS Secrets Manager¶
New in version 2.8.
Synopsis¶
- Look up secrets stored in AWS Secrets Manager provided the caller has the appropriate permissions to read the secret.
- Lookup is based on the secret’s Name value.
- Optional parameters can be passed into this lookup; version_id and version_stage
Requirements¶
The below requirements are needed on the local master node that executes this lookup.
- boto3
- botocore>=1.10.0
Parameters¶
Examples¶
- name: Create RDS instance with aws_secret lookup for password param
rds:
command: create
instance_name: app-db
db_engine: MySQL
size: 10
instance_type: db.m1.small
username: dbadmin
password: "{{ lookup('aws_secret', 'DbSecret') }}"
tags:
Environment: staging
Return Values¶
Common return values are documented here, the following are the fields unique to this lookup:
Key | Returned | Description |
---|---|---|
_raw
-
|
Returns the value of the secret stored in AWS Secrets Manager.
|
Status¶
- This lookup is not guaranteed to have a backwards compatible interface. [preview]
- This lookup is maintained by the Ansible Community. [community]
Authors¶
- Aaron Smith <ajsmith10381@gmail.com>
Hint
If you notice any issues in this documentation, you can edit this document to improve it.
Hint
Configuration entries for each entry type have a low to high priority order. For example, a variable that is lower in the list will override a variable that is higher up.