containers.podman.podman_secret module – Manage podman secrets

Note

This module is part of the containers.podman collection (version 1.12.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install containers.podman. This module has further requirements; see Requirements for details.

To use it in a playbook, specify: containers.podman.podman_secret.

New in containers.podman 1.7.0

Synopsis

  • Manage podman secrets

Requirements

The below requirements are needed on the host that executes this module.

  • podman

Parameters

Parameter (type)
    Comments

data (string)
    The value of the secret. Required when state is present.

debug (boolean)
    Enable debug mode for module.
    Choices:
      • false ← (default)
      • true

driver (string)
    Override the default secrets driver. Podman currently uses the file driver, which is unencrypted.

driver_opts (dictionary)
    Driver-specific key-value options.

executable (string)
    Path to the podman executable if it is not in the $PATH on the machine running podman.
    Default: "podman"

force (boolean)
    Use it when state is present to remove and recreate an existing secret.
    Choices:
      • false ← (default)
      • true

labels (dictionary)
    Labels to set on the secret.

name (string / required)
    The name of the secret.

skip_existing (boolean)
    Use it when state is present and a secret with the same name already exists. If set to true, the secret will NOT be recreated and remains as is.
    Choices:
      • false ← (default)
      • true

state (string)
    Whether to create or remove the named secret.
    Choices:
      • "absent"
      • "present" ← (default)

Examples

- name: Create secret
  containers.podman.podman_secret:
    state: present
    name: mysecret
    data: "my super secret content"

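- name: Create container that uses the secret
  containers.podman.podman_container:
    name: showmysecret
    image: docker.io/alpine:3.14
    secrets:
      - mysecret
    detach: false
    # The secret is mounted inside the container at /run/secrets/<name>
    command: cat /run/secrets/mysecret
  # register is a task keyword, so it sits at task level, not under the module arguments
  register: container

- name: Output secret data
  debug:
    msg: '{{ container.stdout }}'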

- name: Remove secret
  containers.podman.podman_secret:
    state: absent
    name: mysecret
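
A variant of the playbook above that keeps the secret value out of the playbook and out of task output, as an added example that is not part of the module's own documentation. It assumes the value is held in an Ansible Vault encrypted variable named vault_db_password; the host group container_hosts, the rotate_secret toggle and the secret and container names are also assumptions.

```yaml
# Added example: host group, variable, secret and container names are assumptions.
- name: Manage a podman secret without exposing its value
  hosts: container_hosts              # hypothetical inventory group
  vars:
    rotate_secret: false              # hypothetical toggle; set to true to replace the value
    # vault_db_password is assumed to come from an Ansible Vault encrypted vars file
  tasks:
    - name: Create the secret if it does not exist yet
      containers.podman.podman_secret:
        state: present
        name: db_password
        data: "{{ vault_db_password }}"
        skip_existing: true           # leave an existing secret untouched on repeat runs
        labels:
          app: demo
      no_log: true                    # keep the data argument out of task output and logs
      when: not (rotate_secret | bool)

    - name: Replace the secret with a new value
      containers.podman.podman_secret:
        state: present
        name: db_password
        data: "{{ vault_db_password }}"
        force: true                   # remove and recreate the existing secret
        labels:
          app: demo
      no_log: true
      when: rotate_secret | bool

    - name: Check that the container sees a non-empty secret, without printing it
      containers.podman.podman_container:
        name: checkmysecret
        image: docker.io/alpine:3.14
        secrets:
          - db_password
        detach: false
        # test -s exits non-zero if the file is missing or empty
        command: test -s /run/secrets/db_password
```

Because the default file driver stores secrets unencrypted on the host, no_log and Vault protect the value only on the controller side and in Ansible's output.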

Authors

  • Aliaksandr Mianzhynski (@amenzhinsky)