ansible.builtin.unvault filter – Open an Ansible Vault
Note
This filter plugin is part of ansible-core
and included in all Ansible
installations. In most cases, you can use the short
plugin name
unvault
even without specifying the collections:
keyword.
However, we recommend you use the FQCN for easy linking to the
plugin documentation and to avoid conflicting with other collections that may have
the same filter plugin name.
New in ansible-core 2.12
Synopsis
Retrieve your information from an encrypted Ansible Vault.
Input
This describes the input of the filter, the value before | ansible.builtin.unvault
.
Parameter |
Comments |
---|---|
Vault string, or an |
Positional parameters
This describes positional parameters of the filter. These are the values positional1
, positional2
and so on in the following example: input | ansible.builtin.unvault(positional1, positional2, ...)
.
Parameter |
Comments |
---|---|
Vault secret, the key that lets you open the vault. |
Keyword parameters
This describes keyword parameters of the filter. These are the values key1=value1
, key2=value2
and so on in the following example: input | ansible.builtin.unvault(key1=value1, key2=value2, ...)
.
Parameter |
Comments |
---|---|
Secret identifier, used internally to try to best match a secret when multiple are provided. Default: |
Examples
# simply decrypt my key from a vault
vars:
mykey: "{{ myvaultedkey|unvault(passphrase) }} "
- name: save templated unvaulted data
template: src=dump_template_data.j2 dest=/some/key/clear.txt
vars:
template_data: '{{ secretdata|unvault(vaultsecret) }}'
Return Value
Key |
Description |
---|---|
The string that was contained in the vault. Returned: success |