community.sops.load_vars module – Load SOPS-encrypted variables from files, dynamically within a task
Note
This module is part of the community.sops collection (version 1.8.2).
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.sops
.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: community.sops.load_vars
.
New in community.sops 0.1.0
Synopsis
Loads SOPS-encrypted YAML/JSON variables dynamically from a file during task runtime.
To assign included variables to a different host than
inventory_hostname
, usedelegate_to
and setdelegate_facts=true
.
Note
This module has a corresponding action plugin.
Requirements
The below requirements are needed on the host that executes this module.
A binary executable
sops
(https://github.com/getsops/sops) must exist either inPATH
or configured assops_binary
.
Parameters
Parameter |
Comments |
---|---|
One or more age private keys that can be used to decrypt encrypted files. Will be set as the |
|
The file containing the age private keys that SOPS can use to decrypt encrypted files. Will be set as the By default, SOPS looks for |
|
The AWS access key ID to use for requests to AWS. Sets the environment variable |
|
The AWS profile to use for requests to AWS. This corresponds to the SOPS |
|
The AWS secret access key to use for requests to AWS. Sets the environment variable |
|
The AWS session token to use for requests to AWS. Sets the environment variable |
|
Path to the SOPS configuration file. If not set, SOPS will recursively search for the config file starting at the file that is encrypted or decrypted. This corresponds to the SOPS |
|
Tell SOPS to use local key service. This corresponds to the SOPS Choices:
|
|
This option controls how Jinja2 expressions in values in the loaded file are handled. If set to If set to Unfortunately, there is no way for non-core modules to handle expressions “unsafe”, in other words, evaluate them only on use. This can only achieved by ansible.builtin.include_vars, which unfortunately cannot handle SOPS-encrypted files. Choices:
|
|
The file name from which variables should be loaded. If the path is relative, it will look for the file in |
|
Specify key services to use next to the local one. A key service must be specified in the form This corresponds to the SOPS |
|
The name of a variable into which assign the included vars. If omitted ( |
|
Path to the SOPS binary. By default uses |
Attributes
Attribute |
Support |
Description |
---|---|---|
Support: full |
Indicates this has a corresponding action plugin so some parts of the options can be executed on the controller. |
|
Support: none This action runs completely on the controller. |
Supports being used with the |
|
Support: full |
Can run in |
|
Support: N/A This action does not modify state. |
Will return details on what has changed (or possibly needs changing in |
|
Support: full |
Action returns an |
See Also
See also
- ansible.builtin.set_fact
Set host variable(s) and fact(s).
- ansible.builtin.include_vars
Load variables from files, dynamically within a task.
- Controlling where tasks run: delegation and local actions
More information related to task delegation.
- community.sops.sops lookup plugin
The sops lookup can be used decrypt SOPS-encrypted files.
- community.sops.decrypt filter plugin
The decrypt filter can be used to descrypt SOPS-encrypted in-memory data.
- community.sops.sops vars plugin
The sops vars plugin can be used to load SOPS-encrypted host or group variables.
Examples
- name: Include variables of stuff.sops.yaml into the 'stuff' variable
community.sops.load_vars:
file: stuff.sops.yaml
name: stuff
expressions: evaluate-on-load # interpret Jinja2 expressions in stuf.sops.yaml on load-time!
- name: Conditionally decide to load in variables into 'plans' when x is 0, otherwise do not
community.sops.load_vars:
file: contingency_plan.sops.yaml
name: plans
expressions: ignore # do not interpret possible Jinja2 expressions
when: x == 0
- name: Load variables into the global namespace
community.sops.load_vars:
file: contingency_plan.sops.yaml
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
A list of files that were successfully included Returned: success Sample: |