{"id":13993902,"url":"https://github.com/secrethub/ansible-secrethub","last_synced_at":"2025-07-22T18:32:26.537Z","repository":{"id":52909033,"uuid":"149438740","full_name":"secrethub/ansible-secrethub","owner":"secrethub","description":"Official Ansible module for SecretHub","archived":true,"fork":false,"pushed_at":"2021-04-14T09:42:54.000Z","size":25,"stargazers_count":8,"open_issues_count":4,"forks_count":3,"subscribers_count":10,"default_branch":"master","last_synced_at":"2024-08-10T14:14:44.972Z","etag":null,"topics":["ansible","ansible-vault","devops","python","secret-management","secrets","security"],"latest_commit_sha":null,"homepage":"https://secrethub.io","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/secrethub.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-09-19T11:15:28.000Z","updated_at":"2023-02-16T13:21:33.000Z","dependencies_parsed_at":"2022-08-23T11:11:01.744Z","dependency_job_id":null,"html_url":"https://github.com/secrethub/ansible-secrethub","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secrethub%2Fansible-secrethub","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secrethub%2Fansible-secrethub/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secrethub%2Fansible-secrethub/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secrethub%2Fansible-secrethub/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/secrethub","download_url":"https://codeload.github.com/secrethub/ansible-secrethub/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":227156440,"owners_count":17739304,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","ansible-vault","devops","python","secret-management","secrets","security"],"created_at":"2024-08-09T14:02:37.063Z","updated_at":"2024-11-29T15:31:30.165Z","avatar_url":"https://github.com/secrethub.png","language":"Python","readme":"\u003chr/\u003e\n\u003cp align=\"center\"\u003e\n \u003csub\u003e\u003cimg src=\"https://1password.com/img/logo-v1.svg\" alt=\"1Password\" width=\"20\" /\u003e\u003c/sub\u003e \u003cb\u003eSecretHub has joined 1Password!\u003c/b\u003e Find out more on the \u003ca href=\"https://secrethub.io/blog/secrethub-joins-1password/\"\u003eSecretHub blog\u003c/a\u003e. 🎉\n\u003c/p\u003e\n\u003chr/\u003e\n\n[![codeclimate maintainability badge](https://api.codeclimate.com/v1/badges/7649852aa7650e331b2a/maintainability)](https://codeclimate.com/github/secrethub/ansible-secrethub/maintainability)\n[![codacy badge](https://api.codacy.com/project/badge/Grade/297a2289bff74c49be800d973eea2923)](https://www.codacy.com/app/SecretHub/ansible-secrethub)\n[![codebeat badge](https://codebeat.co/badges/78df7e54-0cc2-4672-a843-a49c92135892)](https://codebeat.co/projects/github-com-secrethub-ansible-secrethub-master)\n[![codeclimate test coverage badge](https://api.codeclimate.com/v1/badges/7649852aa7650e331b2a/test_coverage)](https://codeclimate.com/github/secrethub/ansible-secrethub/test_coverage)\n\n# SecretHub Ansible modules\n\n## SecretHub\n\nTo use the SecretHub modules, an account on [SecretHub](https://secrethub.io) is needed.\nSee [the guide](https://secrethub.io/docs/getting-started/) on how to get started with SecretHub.\n\n## Integration\n\nTo use the SecretHub modules in your playbooks, symlink or copy the `library` and `module_utils` directories to the root directory of your ansible project (next to your playbooks).\n\n```sh\ngit clone git@github.com:secrethub/ansible-secrethub.git\nln -s \u003cpath to ansible-secrethub\u003e/library \u003cansible project root\u003e/library\nln -s \u003cpath to ansible-secrethub\u003e/module_utils \u003cansible project root\u003e/module_utils\n```\n\n## Usage\n\n### secrethub_cli\n\nInstalls the SecretHub CLI.\n\n##### Parameters\n\n| Parameter | Required | Choices | Default | Comments |\n| ----------- | -------- | ----------------- | ------- | -------------------------------------------------------------------------------------------------------------------------------------------- |\n| install_dir | no | | | The path where the CLI is installed. This defaults to `/usr/local/secrethub/` on Unix systems and `C://Program Files/SecretHub/` on Windows. |\n| state | no | present\u003cbr\u003eabsent | present | The state present implies that the CLI should be installed if necessary. Absent implies that the CLI should be uninstalled if present. |\n| version | no | | latest | The version of the CLI that should be installed. When state is absent, version will be ignored. |\n\n##### Return values\n\n| Key | Description |\n| ----------- | -------------------------------------------------------------------------------------------------------------------------------------------------- |\n| bin_path | The absolute path to the location of the installed binary. |\n| install_dir | The absolute path to the directory in which the secrethub binary is installed. Add this directory to the PATH to make the CLI globally accessible. |\n| version | The currently installed version of the SecretHub CLI. |\n\n##### Examples\n\n```{.sourceCode .yaml+jinja}\n# Default\n- name: Ensure the SecretHub CLI is installed\n secrethub_cli:\n\n# Specific version\n- name: Ensure version 1.0.0 of the SecretHub CLI is installed\n screthub_cli:\n version: 1.0.0\n\n# Uninstall\n- name: Ensure the SecretHub CLI is not installed\n secrethub_cli:\n state: absent\n\n# Install at custom location\n- name: Ensure the SecretHub CLI is installed\n secrethub_cli:\n install_dir: /opt/\n```\n\n### secrethub_read\n\nReads a secret that is stored in SecretHub.\n\n##### Parameters\n\n| Parameter | Required | Choices | Default | Comments |\n| --------------------- | -------- | ------- | ------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |\n| path | yes | | | The path of the secret. |\n| cli_path | no | | | The path to the CLI binary to use. To set this globally the environment variable `SECRETHUB_CLI_PATH` can be set. When omitted, a default of `/usr/local/secrethub/secrethub` or `C:/Program Files/SecretHub/secrethub.exe` (on Windows) is used. |\n| config_dir | no | | | The configuration directory to use. To set this globally the environment variable SECRETHUB_CONFIG_DIR can be set. This is where we look for a credential when it is not supplied trough the module. Defaults to a .secrethub directory in the home directory. |\n| credential | no | | | The credential used to decrypt your accounts encryption key. To set this globally the environment variable SECRETHUB_CREDENTIAL can be set. When omitted, the credential must be stored in the configuration directory. |\n| credential_passphrase | no | | | The passphrase to decrypt the credential with. To set this globally the environment variable SECRETHUB_CREDENTIAL_PASSPHRASE can be set. |\n\n##### Return values\n\n| Key | Description |\n| ------ | ------------------------------------------ |\n| secret | The secret value stored in the given path. |\n\n###### Examples\n\n```{.sourceCode .yaml+jinja}\n# Read a secret.\n- name: Read the database password\n secrethub_read:\n path: company/application/db_pass\n register: db_pass\n```\n\n### secrethub_write\n\nSave a secret in SecretHub.\n\n##### Parameters\n\n| Parameter | Required | Choices | Default | Comments |\n| --------------------- | -------- | ------- | ------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |\n| path | yes | | | The path of the secret. |\n| value | yes | | | The value of the secret. |\n| cli_path | no | | | The path to the CLI binary to use. To set this globally the environment variable `SECRETHUB_CLI_PATH` can be set. When omitted, a default of `/usr/local/secrethub/secrethub` or `C:/Program Files/SecretHub/secrethub.exe` (on Windows) is used. |\n| config_dir | no | | | The configuration directory to use. To set this globally the environment variable SECRETHUB_CONFIG_DIR can be set. This is where we look for a credential when it is not supplied trough the module. Defaults to a .secrethub directory in the home directory. |\n| credential | no | | | The credential used to decrypt your accounts encryption key. To set this globally the environment variable SECRETHUB_CREDENTIAL can be set. When omitted, the credential must be stored in the configuration directory. |\n| credential_passphrase | no | | | The passphrase to decrypt the credential with. To set this globally the environment variable SECRETHUB_CREDENTIAL_PASSPHRASE can be set. |\n\n##### Return values\n\n| Key | Description |\n| ------ | ------------------------------------------ |\n| secret | The secret value stored in the given path. |\n\n###### Examples\n\n```{.sourceCode .yaml+jinja}\n# Write a secret.\n# The db_pass variable is registered by an earlier process.\n# To generate a new password, use the secrethub_generate module.\n- name: Store the database password\n secrethub_write:\n path: company/application/db_pass\n value: {{ db_pass }}\n```\n\n### secrethub_generate\n\nGenerates a random secret that is stored in SecretHub.\n\n##### Parameters\n\n| Parameter | Required | Choices | Default | Comments |\n| --------------------- | -------- | --------- | ------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |\n| path | yes | | | The path of the secret. |\n| length | no | | 22 | The length of the secret. |\n| symbols | no | yes\u003cbr\u003eno | no | A boolean indicating whether the secret is allowed to contain symbols. |\n| cli_path | no | | | The path to the CLI binary to use. To set this globally the environment variable `SECRETHUB_CLI_PATH` can be set. When omitted, a default of `/usr/local/secrethub/secrethub` or `C:/Program Files/SecretHub/secrethub.exe` (on Windows) is used. |\n| config_dir | no | | | The configuration directory to use. To set this globally the environment variable SECRETHUB_CONFIG_DIR can be set. This is where we look for a credential when it is not supplied trough the module. Defaults to a .secrethub directory in the home directory. |\n| credential | no | | | The credential used to decrypt your accounts encryption key. To set this globally the environment variable SECRETHUB_CREDENTIAL can be set. When omitted, the credential must be stored in the configuration directory. |\n| credential_passphrase | no | | | The passphrase to decrypt the credential with. To set this globally the environment variable SECRETHUB_CREDENTIAL_PASSPHRASE can be set. |\n\n##### Examples\n\n```{.sourceCode .yaml+jinja}\n# Generate a 22 characters long secret of random numbers and/or letters.\n- name: Generate a random database password\n secrethub_generate:\n path: company/infra/app/db_pass\n```\n\n##### Return values\n\n| Key | Description |\n| ------ | --------------------- |\n| secret | The generated secret. |\n","funding_links":[],"categories":["Python"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsecrethub%2Fansible-secrethub","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsecrethub%2Fansible-secrethub","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsecrethub%2Fansible-secrethub/lists"}