community.general.onepassword_raw – fetch an entire item from 1Password
This plugin is part of the community.general collection (version 3.7.0).
To install it use:
ansible-galaxy collection install community.general.
To use it in a playbook, specify:
The below requirements are needed on the local controller node that executes this lookup.
op1Password command line utility. See https://support.1password.com/command-line/
This lookup will use an existing 1Password session if one exists. If not, and you have already performed an initial sign in (meaning
~/.op/config exists), then only the
master_passwordis required. You may optionally specify
subdomainin this scenario, otherwise the last used subdomain will be used by
This lookup can perform an initial login by providing
Due to the very sensitive nature of these credentials, it is highly recommended that you only pass in the minimal credentials needed at any given time. Also, store these credentials in an Ansible Vault using a key that is equal to or greater in strength to the 1Password master password.
This lookup stores potentially sensitive data from 1Password as Ansible facts. Facts are subject to caching if enabled, which means this data could be stored in clear text on disk or in a database.
- name: Retrieve all data about Wintermute ansible.builtin.debug: var: lookup('community.general.onepassword_raw', 'Wintermute') - name: Retrieve all data about Wintermute when not signed in to 1Password ansible.builtin.debug: var: lookup('community.general.onepassword_raw', 'Wintermute', subdomain='Turing', vault_password='DmbslfLvasjdl')