Documentation

latest
latest v2.20 v2.19 v2.18 v2.17 v2.16 v2.15 v2.14 v2.12 v2.11 v2.10 v2.9 v2.8 v2.7 v2.6 v2.5 v2.4 v2.3 v2.2 v2.1 v2.0 v1.10 v1.9 v1.8 v1.7 v1.6 v1.5 v1.4 v1.3 v1.2 v1.1 v1.0
      Edit on GitHub

      PLEASE NOTE: This document applies to latest version and not to the latest stable release v2.20

      Documentation for other releases can be found by using the version selector in the top right of any doc page.

      passwordstore

      Manage passwords using pass (password-store), the standard Unix password manager.

      Pass uses GPG for encryption and Git for version control. This module enables secure credential management in scripts, container entrypoints, and IoT devices.

      Attributes

      check_mode:
  support: full

      Parameters

      Parameter Required Type Values Description
      generate   boolean   Generate a random password instead of providing one. The generated password will be stored in pass.
      length   integer   Length of the generated password. Only used with generate: true. [default: 16]
      password   string   The password to store. Required for state=present when creating a new entry (unless generate is true or userpass is provided).
      passwordstore   string   Path to the password-store directory. Overrides PASSWORD_STORE_DIR environment variable.
      path true string   Path to the password in the password store.
      returnall   boolean   Return all content from the password entry, not just the first line.
      state   string present
      absent      		 Whether the password should be present or absent. When present and password exists, returns the password content. [default: "present"]
      userpass   string   The full content of the password file (multiline). First line is the password, remaining lines are metadata. Mutually exclusive with password.

      Examples

      - name: Read a password from the store
  passwordstore:
    path: myapp/database
    state: present
  register: db_password

- name: Read all password data (password + metadata)
  passwordstore:
    path: myapp/database
    returnall: true
    state: present
  register: db_full

- name: Create a new password entry
  passwordstore:
    path: myapp/api-key
    password: "{{ api_key }}"
    state: present

- name: Create a password with multiline content
  passwordstore:
    path: myapp/database
    userpass: |
      s3cret_p4ssw0rd
      username: admin
      url: db.example.com
    state: present

- name: Generate a random password
  passwordstore:
    path: myapp/new-service
    generate: true
    length: 32
    state: present

- name: Delete a password
  passwordstore:
    path: myapp/old-service
    state: absent

- name: Use a custom password-store directory
  passwordstore:
    path: myapp/database
    passwordstore: /opt/password-store
    state: present
  register: result