community.sops.sops – Read sops encrypted file contents
Note
This plugin is part of the community.sops collection (version 1.0.6).
To install it use: ansible-galaxy collection install community.sops.
To use it in a playbook, specify: community.sops.sops.
New in version 0.1.0: of community.sops
Synopsis
This lookup returns the contents from a file on the Ansible controller’s file system.
This lookup requires the sops executable to be available in the controller PATH.
Parameters
Examples
tasks:
  - name: Output secrets to screen (BAD IDEA!)
    ansible.builtin.debug:
      msg: "Content: {{ lookup('community.sops.sops', item) }}"
    loop:
      - sops-encrypted-file.enc.yaml

  - name: Add SSH private key
    ansible.builtin.copy:
      content: "{{ lookup('community.sops.sops', user + '-id_rsa') }}"
      dest: /home/{{ user }}/.ssh/id_rsa
      owner: "{{ user }}"
      group: "{{ user }}"
      mode: 0600
    no_log: true  # avoid content to be written to log

  - name: The file file.json is a YAML file, which contains the encryption of binary data
    ansible.builtin.debug:
      msg: "Content: {{ lookup('community.sops.sops', 'file.json', input_type='yaml', output_type='binary') }}"
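
The following playbook is an added example, not part of the collection's own documentation. It checks the sops requirement from the synopsis, parses the decrypted string into a dictionary, and keeps the values out of task output. The file name secrets.enc.yaml, the key db_password, the variable names and the destination path are assumptions.

```yaml
# Added example: file, key, variable and path names below are hypothetical.
- name: Use structured sops secrets without exposing them in logs
  hosts: all
  gather_facts: false
  vars:
    sops_file: secrets.enc.yaml   # sops-encrypted YAML file on the controller
  tasks:
    # The lookup runs on the controller, so the check is delegated there.
    - name: Check that the sops executable is in the controller PATH
      ansible.builtin.command: sops --version
      delegate_to: localhost
      run_once: true
      changed_when: false

    # The lookup returns the decrypted content as a string; from_yaml
    # turns it into a dictionary. no_log keeps the result out of output.
    - name: Decrypt and parse the file
      ansible.builtin.set_fact:
        app_secrets: "{{ lookup('community.sops.sops', sops_file) | from_yaml }}"
      no_log: true

    # The assertion text names the key only; no secret value is printed.
    - name: Fail early if the expected key is missing
      ansible.builtin.assert:
        that:
          - app_secrets is mapping
          - "'db_password' in app_secrets"
        fail_msg: "Expected key is missing from {{ sops_file }}"
        quiet: true

    # The parent directory /etc/myapp is assumed to exist on the target.
    - name: Write one secret to a root-only file on the target
      ansible.builtin.copy:
        content: "{{ app_secrets.db_password }}"
        dest: /etc/myapp/db_password
        owner: root
        group: root
        mode: "0600"
      no_log: true
```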
Return Values
Common return values are documented here; the following are the fields unique to this lookup:
Key | Returned | Description |
---|---|---|
_raw (list / elements=string) | success | Decrypted file content. |
Authors
Edoardo Tenani (@endorama) <e.tenani@arduino.cc>