community.windows.win_credential module – Manages Windows Credentials in the Credential Manager
Note
This module is part of the community.windows collection (version 1.10.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.windows
.
To use it in a playbook, specify: community.windows.win_credential
.
Synopsis
Used to create and remove Windows Credentials in the Credential Manager.
This module can manage both standard username/password credentials as well as certificate credentials.
Parameters
Parameter |
Comments |
---|---|
Adds an alias for the credential. Typically this is the NetBIOS name of a host if name is set to the DNS name. |
|
A list of dicts that set application specific attributes for a credential. When set, existing attributes will be compared to the list as a whole, any differences means all attributes will be replaced. |
|
The value for the attribute. |
|
Controls the input type for data. If If Choices:
|
|
The key for the attribute. This is not a unique identifier as multiple attributes can have the same key. |
|
A user defined comment for the credential. |
|
The target that identifies the server or servers that the credential is to be used for. If the value can be a NetBIOS name, DNS server name, DNS host name suffix with a wildcard character ( See This is used with type to produce a unique credential. |
|
Defines the persistence of the credential. If
Choices:
|
|
The secret for the credential. When omitted, then no secret is used for the credential if a new credentials is created. When type is a password type, this is the password for username. When type is a certificate type, this is the pin for the certificate. |
|
Controls the input type for secret. If If Choices:
|
|
When When Choices:
|
|
The type of credential to store. This is used with name to produce a unique credential. When the type is a When the type is a It is recommended to use a Choices:
|
|
When When If the secret cannot be retrieved and this is set to Choices:
|
|
When type is a password type, then this is the username to store for the credential. When type is a credential type, then this is the thumbprint as a hex string of the certificate to use. When If using a certificate thumbprint, the certificate must exist in the |
Notes
Note
This module requires to be run with
become
so it can access the user’s credential store.There can only be one credential per host and type. if a second credential is defined that uses the same host and type, then the original credential is overwritten.
See Also
See also
- ansible.windows.win_user_right
The official documentation on the ansible.windows.win_user_right module.
- ansible.windows.win_whoami
The official documentation on the ansible.windows.win_whoami module.
Examples
- name: Create a local only credential
community.windows.win_credential:
name: server.domain.com
type: domain_password
username: DOMAIN\username
secret: Password01
state: present
- name: Remove a credential
community.windows.win_credential:
name: server.domain.com
type: domain_password
state: absent
- name: Create a credential with full values
community.windows.win_credential:
name: server.domain.com
type: domain_password
alias: server
username: [email protected]
secret: Password01
comment: Credential for server.domain.com
persistence: enterprise
attributes:
- name: Source
data: Ansible
- name: Unique Identifier
data: Y3VzdG9tIGF0dHJpYnV0ZQ==
data_format: base64
- name: Create a certificate credential
community.windows.win_credential:
name: '*.domain.com'
type: domain_certificate
username: 0074CC4F200D27DC3877C24A92BA8EA21E6C7AF4
state: present
- name: Create a generic credential
community.windows.win_credential:
name: smbhost
type: generic_password
username: smbuser
secret: smbuser
state: present
- name: Remove a generic credential
community.windows.win_credential:
name: smbhost
type: generic_password
state: absent
Authors
Jordan Borean (@jborean93)