{"id":15657513,"url":"https://github.com/nekmo/ansible-keepass","last_synced_at":"2025-05-05T15:49:19.582Z","repository":{"id":39632715,"uuid":"158007184","full_name":"Nekmo/ansible-keepass","owner":"Nekmo","description":"Use become (sudo) in Ansible without giving any password and safely","archived":false,"fork":false,"pushed_at":"2020-04-21T19:27:04.000Z","size":16,"stargazers_count":26,"open_issues_count":7,"forks_count":5,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-03-30T22:11:10.495Z","etag":null,"topics":["ansible","keepass","keepassxc","password","sudo"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Nekmo.png","metadata":{"files":{"readme":"README.rst","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-11-17T17:16:30.000Z","updated_at":"2024-10-30T20:08:22.000Z","dependencies_parsed_at":"2022-09-06T04:12:29.713Z","dependency_job_id":null,"html_url":"https://github.com/Nekmo/ansible-keepass","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Nekmo%2Fansible-keepass","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Nekmo%2Fansible-keepass/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Nekmo%2Fansible-keepass/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Nekmo%2Fansible-keepass/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Nekmo","download_url":"https://codeload.github.com/Nekmo/ansible-keepass/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252526228,"owners_count":21762461,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","keepass","keepassxc","password","sudo"],"created_at":"2024-10-03T13:07:36.751Z","updated_at":"2025-05-05T15:49:19.552Z","avatar_url":"https://github.com/Nekmo.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"Ansible Keepass Plugin\n######################\nUse **become** (sudo) in Ansible **without giving any password** and safely. This plugin connects to\n**keepassHTTP** or **KeepassXC Browser** to request the password. The connection is encrypted and requires a first\nconfirmation. The token for Keepass HTTP is stored using the keyring of the system and the passwords are only\naccessible while the Keepass database is open.\n\nInstallation\n============\nClone or copy the plugin included::\n\n    sudo mkdir -p /usr/local/share/ansible/plugins/vars\n    sudo curl https://raw.githubusercontent.com/Nekmo/ansible-keepass/master/ansible_keepass.py \\\n         -o /usr/local/share/ansible/plugins/vars/ansible_keepass.py\n\nSet the var plugins directory to the same directory that contains ``ansible_keepass.py`` in ``ansible.cfg``::\n\n    /etc/ansible/ansible.cfg\n    ------------------------\n\n    [defaults]\n    ...\n    vars_plugins = /usr/local/share/ansible/plugins/vars\n\n\nAnd install requirements from ``requirements.txt`` file in this project (install the modules in the same environment\nas Ansible)::\n\n    sudo pip install -r requirements.txt\n\nUsage\n=====\nThis project supports **KeepassHTTP** and **KeepassXC Browser**. This plugin is able to detect your Keepass\nprogram automatically but if you have issues define the environment variable ``KEEPASS_CLASS`` (available values:\n``KeepassXC`` and ``KeepassHTTP``).\n\n*Ansible-keepass* uses the url of the entry to find the entry to use. In the Keepass entries you must specify the url\nusing the name of the inventory or inventory group. For example::\n\n    ssh:\u003cinventory name\u003e\n\nOr including username::\n\n    ssh:\u003cusername\u003e@\u003cinventory name\u003e\n\nThat is all! If you do not set a password now Ansible will ask Keepass for the password. You can try this plugin using::\n\n    $  ansible \u003chost_name\u003e -a \"/usr/bin/hdparm -C /dev/sda\" --become\n\n\nSecurity\n========\nThese are the security measures adopted by Keepass and this plugin:\n\n#. Keepass requests link permission the first time. This plugin stores the session using the OS Keyring.\n#. Keepass can authorize access permission for each key individually.\n#. Keys can not be listed using Keepass HTTP/XC Browser. A possible attacker must know key urls.\n#. The connection between this plugin and Keepass is encrypted.\n#. Passwords are not accessible while the Keepass database is closed.\n\nThis plugin can be more secure than copy\u0026paste: a malware installed on your machine can listen for changes\nin the clipboard. This plugin depends on the security of the OS Keyring and your personal password.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnekmo%2Fansible-keepass","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnekmo%2Fansible-keepass","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnekmo%2Fansible-keepass/lists"}