community.hashi_vault.vault_login_token filter – Extracts the Vault token from a login or token creation

Note

This filter plugin is part of the community.hashi_vault collection (version 6.2.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.hashi_vault.

To use it in a playbook, specify: community.hashi_vault.vault_login_token.

New in community.hashi_vault 2.2.0

Synopsis

  • Extracts the token value from the structure returned by a Vault token creation operation.

Input

This describes the input of the filter, the value before | community.hashi_vault.vault_login_token.

Parameter: Input (dictionary / required)

Comments: A dictionary matching the structure returned by a login or token creation.

Keyword parameters

This describes keyword parameters of the filter. These are the values key1=value1, key2=value2 and so on in the following example: input | community.hashi_vault.vault_login_token(key1=value1, key2=value2, ...)

Parameter: optional_field (string)

Comments: If this field exists in the input dictionary, then the value of that field is used as the _input value.

The default value accounts for the difference between the output of the modules and the output of the lookup plugins, and does not need to be changed in most cases.

See the examples or the Filter guide for more information.

Default: "login"

Notes

  • This filter is the same as reading into the _input dictionary directly, but it provides semantic meaning and automatically works with the differing output of the modules and lookups. See the Filter guide for more information.

See Also

community.hashi_vault.vault_login

Perform a login operation against HashiCorp Vault.

community.hashi_vault.vault_token_create

Create a HashiCorp Vault token.

community.hashi_vault.vault_login lookup plugin

Perform a login operation against HashiCorp Vault.

community.hashi_vault.vault_token_create lookup plugin

Create a HashiCorp Vault token.

Filter Guide

The community.hashi_vault Filter Guide

Examples

- name: Set defaults
  vars:
    ansible_hashi_vault_url: https://vault:9801/
    ansible_hashi_vault_auth_method: userpass
    ansible_hashi_vault_username: user
    ansible_hashi_vault_password: "{{ lookup('env', 'MY_SECRET_PASSWORD') }}"
  module_defaults:
    community.hashi_vault.vault_login:
      url: '{{ ansible_hashi_vault_url }}'
      auth_method: '{{ ansible_hashi_vault_auth_method }}'
      username: '{{ ansible_hashi_vault_username }}'
      password: '{{ ansible_hashi_vault_password }}'
  block:
    - name: Perform a login with a lookup and display the token
      vars:
        login_response: "{{ lookup('community.hashi_vault.vault_login') }}"
      debug:
        msg: "The token is {{ login_response | community.hashi_vault.vault_login_token }}"

    - name: Perform a login with a module
      community.hashi_vault.vault_login:
      register: login_response

    - name: Display the token
      debug:
        msg: "The token is {{ login_response | community.hashi_vault.vault_login_token }}"

- name: Use of optional_field
  vars:
    lookup_login_response: "{{ lookup('community.hashi_vault.vault_login') }}"
    my_data:
      something: somedata
      vault_login: "{{ lookup_login_response }}"

    token_from_param: "{{ my_data | community.hashi_vault.vault_login_token(optional_field='vault_login') }}"
    token_from_deref: "{{ my_data['vault_login'] | community.hashi_vault.vault_login_token }}"
    # if the optional field doesn't exist, the dictionary itself is still checked
    unused_optional: "{{ my_data['vault_login'] | community.hashi_vault.vault_login_token(optional_field='missing') }}"
  block:
    - name: Display the variables
      ansible.builtin.debug:
        var: '{{ item }}'
      loop:
        - my_data
        - token_from_param
        - token_from_deref
        - unused_optional
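
The dereferencing that optional_field and the Notes describe, modeled in Python as an added example (not the collection's source code). The names extract_login_token and TokenExtractionError and the sample responses are assumptions constructed for illustration; the token is read from auth.client_token, where Vault places it in a login response.

```python
# Added illustration: models the documented behaviour of vault_login_token.
# Not the collection's source code. All response values are constructed.


class TokenExtractionError(Exception):
    """The input does not look like a Vault login or token creation response."""


def extract_login_token(login_response, optional_field="login"):
    """Return auth.client_token, dereferencing optional_field when present."""
    if not isinstance(login_response, dict):
        raise TokenExtractionError("expected a dictionary")
    # If optional_field exists, its value is used as the input; otherwise the
    # dictionary itself is checked (the fallback shown by unused_optional).
    candidate = login_response.get(optional_field, login_response)
    try:
        return candidate["auth"]["client_token"]
    except (KeyError, TypeError):
        raise TokenExtractionError("no auth.client_token in input") from None


# Shape returned by the lookup plugin: the Vault response itself.
LOOKUP_RESULT = {
    "auth": {
        "client_token": "s.CONSTRUCTED-EXAMPLE-TOKEN",
        "policies": ["default"],
        "lease_duration": 3600,
    }
}
# Shape registered from the module: the same response under the "login" key.
MODULE_RESULT = {"changed": True, "login": LOOKUP_RESULT}
# The my_data variable from the optional_field example above.
MY_DATA = {"something": "somedata", "vault_login": LOOKUP_RESULT}

if __name__ == "__main__":
    for label, data, field in [
        ("lookup", LOOKUP_RESULT, "login"),
        ("module", MODULE_RESULT, "login"),
        ("optional_field", MY_DATA, "vault_login"),
        ("missing field", LOOKUP_RESULT, "missing"),
    ]:
        token = extract_login_token(data, optional_field=field)
        # Print only a prefix so the full token never reaches logs.
        print(f"{label}: {token[:4]}...")
```

With the default optional_field, MY_DATA has neither a "login" key nor an "auth" key, so extraction fails instead of returning a wrong value.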

Return Value

Key: Return value (string)

Description: The token value.

Returned: always

Sample: "s.nnrpog4i5gjizr6b8g1inwj3"

Authors

  • Brian Scholer (@briantist)

Hint

Configuration entries for each entry type have a low to high priority order. For example, a variable that is lower in the list will override a variable that is higher up.