community.sops.load_vars – Load sops-encrypted variables from files, dynamically within a task
Note
This plugin is part of the community.sops collection (version 1.2.0).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install community.sops.
To use it in a playbook, specify: community.sops.load_vars.
New in version 0.1.0 of community.sops
Synopsis
Loads sops-encrypted YAML/JSON variables dynamically from a file during task runtime.
To assign included variables to a different host than inventory_hostname, use delegate_to and set delegate_facts=yes.
Note
This module has a corresponding action plugin.
Parameters
Parameter |
Comments |
---|---|
The AWS access key ID to use for requests to AWS. Sets the environment variable |
|
The AWS profile to use for requests to AWS. This corresponds to the sops |
|
The AWS secret access key to use for requests to AWS. Sets the environment variable |
|
The AWS session token to use for requests to AWS. Sets the environment variable |
|
Path to the sops configuration file. If not set, sops will recursively search for the config file starting at the file that is encrypted or decrypted. This corresponds to the sops |
|
Tell sops to use local key service. This corresponds to the sops Choices:
|
|
This option controls how Jinja2 expressions in values in the loaded file are handled. If set to If set to Unfortunately, there is no way for non-core modules to handle expressions “unsafe”, in other words, evaluate them only on use. This can only be achieved by ansible.builtin.include_vars, which unfortunately cannot handle sops-encrypted files. Choices:
|
|
The file name from which variables should be loaded. If the path is relative, it will look for the file in |
|
Specify key services to use next to the local one. A key service must be specified in the form This corresponds to the sops |
|
The name of a variable into which to assign the included vars. If omitted ( |
|
Path to the sops binary. By default uses |
See Also
- ansible.builtin.set_fact
The official documentation on the ansible.builtin.set_fact module.
- ansible.builtin.include_vars
The official documentation on the ansible.builtin.include_vars module.
- Controlling where tasks run: delegation and local actions
More information related to task delegation.
Examples
```yaml
- name: Include variables of stuff.sops.yaml into the 'stuff' variable
  community.sops.load_vars:
    file: stuff.sops.yaml
    name: stuff
    expressions: evaluate-on-load  # interpret Jinja2 expressions in stuff.sops.yaml on load-time!

- name: Conditionally decide to load in variables into 'plans' when x is 0, otherwise do not
  community.sops.load_vars:
    file: contingency_plan.sops.yaml
    name: plans
    expressions: ignore  # do not interpret possible Jinja2 expressions
  when: x == 0

- name: Load variables into the global namespace
  community.sops.load_vars:
    file: contingency_plan.sops.yaml
```
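The delegation described in the Synopsis, shown as an added example that is not part of the collection's own documentation. The host names app01 and db01, the file db_credentials.sops.yaml and its db_password key are constructed for illustration.

```yaml
# Added example, not from the community.sops documentation.
# Assumptions (all constructed): inventory hosts "app01" and "db01", and a
# sops-encrypted file db_credentials.sops.yaml that contains a "db_password" key.
- name: Decrypt on behalf of app01, but attach the variables to db01
  hosts: app01
  gather_facts: false
  tasks:
    - name: Load db_credentials.sops.yaml into 'db_credentials' on db01
      community.sops.load_vars:
        file: db_credentials.sops.yaml
        name: db_credentials
        expressions: ignore  # do not interpret possible Jinja2 expressions
      delegate_to: db01
      delegate_facts: true  # same as delegate_facts=yes; assigns the vars to db01
      no_log: true  # keep the decrypted values out of the task output

- name: Use the loaded variables on the host they were assigned to
  hosts: db01
  gather_facts: false
  tasks:
    - name: Check that the secret is available on db01 without printing it
      ansible.builtin.assert:
        that:
          - db_credentials is defined
          - db_credentials.db_password is defined
        quiet: true
      no_log: true
```

Scoping the decrypted data under a name (here db_credentials) keeps it out of the global namespace, and delegate_facts limits it to the one host that needs it.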
Return Values
Common return values are documented here; the following are the fields unique to this module:
Key |
Description |
---|---|
A list of files that were successfully included. Returned: success. Sample: ["/path/to/file.sops.yaml"] |
Authors
Felix Fontein (@felixfontein)