community.sops.install role – Install SOPS

Note

This role is part of the community.sops collection (version 2.0.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it use: ansible-galaxy collection install community.sops.

To use it in a playbook, specify: community.sops.install.

Entry point main – Install SOPS

New in community.sops 1.5.0

Synopsis

  • This role installs SOPS and GNU Privacy Guard (GPG).

  • This role supports the following operating systems: Alpine (new enough), Arch Linux, CentOS 7, Stream 8, or newer, Debian 10 (Buster) or newer, Fedora (new enough), RHEL 7 or newer, Ubuntu 16.04 or newer LTS versions

  • The Ansible facts ansible_facts.architecture, ansible_facts.distribution, ansible_facts.distribution_major_version, ansible_facts.distribution_version, and ansible_facts.os_family are expected to be present if sops_install_on_localhost is false.

Parameters

Parameter

Comments

sops_become_on_install

boolean

Whether the role should use become: true when installing packages.

Choices:

  • false

  • true ← (default)

sops_github_latest_detection

string

added in community.sops 1.6.0

When installing the latest SOPS version from GitHub, configures how the latest release is detected.

auto tries api first and then uses latest-release.

api asks the GitHub API for a list of recent releases and picks the highest version. Pre-releases are avoided.

latest-release uses a not fully documented URL to retrieve the release marked as “latest” by the repository maintainers.

Choices:

  • "auto"

  • "api"

  • "latest-release"

sops_github_token

string

added in community.sops 1.6.0

Token to provide when querying the GitHub API for the latest release. Without the token there are rather strict rate limits.

Should mainly be used in GitHub Actions.

sops_install_on_localhost

boolean

Installs SOPS on the Ansible controller (localhost) instead of the remote host.

Choices:

  • false ← (default)

  • true

sops_source

string

Determines the source from where SOPS is installed.

The value github will install SOPS from the SOPS releases on GitHub (https://github.com/getsops/sops/releases/).

The value system will install SOPS from the system packages. Note that not all system package repositories support SOPS.

The value auto will determine the best source to install SOPS from. Here, system package repositories are preferred over GitHub.

Choices:

  • "auto" ← (default)

  • "github"

  • "system"

sops_version

string

The version of SOPS to install.

Should be a version like 3.7.2. The special value latest will select the latest version available form the given source.

Default: "latest"

Authors

  • Felix Fontein (@felixfontein)