community.general.bitwarden_secrets_manager lookup – Retrieve secrets from Bitwarden Secrets Manager
Note
This lookup plugin is part of the community.general collection (version 10.0.1).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.general
.
You need further requirements to be able to use this lookup plugin,
see Requirements for details.
To use it in a playbook, specify: community.general.bitwarden_secrets_manager
.
New in community.general 7.2.0
Synopsis
Retrieve secrets from Bitwarden Secrets Manager.
Requirements
The below requirements are needed on the local controller node that executes this lookup.
bws (command line utility)
Terms
Parameter |
Comments |
---|---|
Secret ID(s) to fetch values for. |
Keyword parameters
This describes keyword parameters of the lookup. These are the values key1=value1
, key2=value2
and so on in the following
examples: lookup('community.general.bitwarden_secrets_manager', key1=value1, key2=value2, ...)
and query('community.general.bitwarden_secrets_manager', key1=value1, key2=value2, ...)
Parameter |
Comments |
---|---|
Notes
Note
When keyword and positional parameters are used together, positional parameters must be listed before keyword parameters:
lookup('community.general.bitwarden_secrets_manager', term1, term2, key1=value1, key2=value2)
andquery('community.general.bitwarden_secrets_manager', term1, term2, key1=value1, key2=value2)
Examples
- name: Get a secret relying on the BWS_ACCESS_TOKEN environment variable for authentication
ansible.builtin.debug:
msg: >-
{{ lookup("community.general.bitwarden_secrets_manager", "2bc23e48-4932-40de-a047-5524b7ddc972") }}
- name: Get a secret passing an explicit access token for authentication
ansible.builtin.debug:
msg: >-
{{
lookup(
"community.general.bitwarden_secrets_manager",
"2bc23e48-4932-40de-a047-5524b7ddc972",
bws_access_token="9.4f570d14-4b54-42f5-bc07-60f4450b1db5.YmluYXJ5LXNvbWV0aGluZy0xMjMK:d2h5IGhlbGxvIHRoZXJlCg=="
)
}}
- name: Get two different secrets each using a different access token for authentication
ansible.builtin.debug:
msg:
- '{{ lookup("community.general.bitwarden_secrets_manager", "2bc23e48-4932-40de-a047-5524b7ddc972", bws_access_token=token1) }}'
- '{{ lookup("community.general.bitwarden_secrets_manager", "9d89af4c-eb5d-41f5-bb0f-4ae81215c768", bws_access_token=token2) }}'
vars:
token1: "9.4f570d14-4b54-42f5-bc07-60f4450b1db5.YmluYXJ5LXNvbWV0aGluZy0xMjMK:d2h5IGhlbGxvIHRoZXJlCg=="
token2: "1.69b72797-6ea9-4687-a11e-848e41a30ae6.YW5zaWJsZSBpcyBncmVhdD8K:YW5zaWJsZSBpcyBncmVhdAo="
- name: Get just the value of a secret
ansible.builtin.debug:
msg: >-
{{ lookup("community.general.bitwarden_secrets_manager", "2bc23e48-4932-40de-a047-5524b7ddc972").value }}
Return Value
Key |
Description |
---|---|
List containing one or more secrets. Returned: success |