ansible.builtin.password_hash filter – convert input password into password_hash

Note

This filter plugin is part of ansible-core and included in all Ansible installations. In most cases, you can use the short plugin name password_hash. However, we recommend you use the Fully Qualified Collection Name (FQCN) ansible.builtin.password_hash for easy linking to the plugin documentation and to avoid conflicting with other collections that may have the same filter plugin name.

Synopsis

  • Returns a password_hash of a secret.

Input

This describes the input of the filter, the value before | ansible.builtin.password_hash.

Parameter

Comments

Input

string / required

Secret to hash.

Keyword parameters

This describes keyword parameters of the filter. These are the values key1=value1, key2=value2 and so on in the following example: input | ansible.builtin.password_hash(key1=value1, key2=value2, ...)

Parameter

Comments

hashtype

string

Hashing algorithm to use.

Choices:

  • "md5"

  • "blowfish"

  • "sha256"

  • "sha512" ← (default)

  • "bcrypt"

ident

string

Algorithm identifier.

rounds

integer

Number of encryption rounds, default varies by algorithm used.

salt

string

Secret string used for the hashing. If none is provided a random one can be generated. Use only numbers and letters (characters matching [./0-9A-Za-z]+).

Notes

Note

  • Algorithms available might be restricted by the system.

  • Algorithms may restrict salt length or content. For example, Blowfish/bcrypt requires a 22-character salt.

Examples

# pwdhash => "$6$/bQCntzQ7VrgVcFa$VaMkmevkY1dqrx8neaenUDlVU.6L/.ojRbrnI4ID.yBHU6XON1cB422scCiXfUL5wRucMdLgJU0Fn38uoeBni/"
pwdhash: "{{ 'testing' | password_hash }}"

Return Value

Key

Description

Return value

string

The resulting password hash.

Returned: success

Hint

Configuration entries for each entry type have a low to high priority order. For example, a variable that is lower in the list will override a variable that is higher up.