Categories

Archives

Read passwords from the 'pass' passwordstore into ansible

Ansible is a great orchestration-tool, and while it has it’s own secure password storage system (Vault), I prefer to use ‘pass’ from passwordstore.org

There is no specific ‘pass’ plugin for ansible, but using the ‘pipe’ lookup plugin works quite well

tasks:
  - name: Debug
    debug: msg={{lookup('pipe', 'pass some/password/i/need') }}

This can then be used to store API keys, passwords for various accounts, or other information that needs to remain secret while still being able to share and version your ansible plays.

Comments are closed.