From 8a754e0858d922e955e71b253c139e071ecec432 Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Sun, 28 Apr 2024 18:04:21 +0200
Subject: Adding upstream version 2.14.3.
Signed-off-by: Daniel Baumann
---
lib/ansible/plugins/filter/vault.yml | 48 ++++++++++++++++++++++++++++++++++++
1 file changed, 48 insertions(+)
create mode 100644 lib/ansible/plugins/filter/vault.yml
(limited to 'lib/ansible/plugins/filter/vault.yml')
diff --git a/lib/ansible/plugins/filter/vault.yml b/lib/ansible/plugins/filter/vault.yml
new file mode 100644
index 0000000..1ad541e
--- /dev/null
+++ b/lib/ansible/plugins/filter/vault.yml
@@ -0,0 +1,48 @@
+DOCUMENTATION:
+ name: vault
+ author: Brian Coca (@bcoca)
+ version_added: "2.12"
+ short_description: vault your secrets
+ description:
+ - Put your information into an encrypted Ansible Vault.
+ positional: secret
+ options:
+ _input:
+ description: Data to vault.
+ type: string
+ required: true
+ secret:
+ description: Vault secret, the key that lets you open the vault.
+ type: string
+ required: true
+ salt:
+ description:
+ - Encryption salt, will be random if not provided.
+ - While providing one makes the resulting encrypted string reproducible, it can lower the security of the vault.
+ type: string
+ vault_id:
+ description: Secret identifier, used internally to try to best match a secret when multiple are provided.
+ type: string
+ default: 'filter_default'
+ wrap_object:
+ description:
+ - This toggle can force the return of an C(AnsibleVaultEncryptedUnicode) string object, when C(False), you get a simple string.
+ - Mostly useful when combining with the C(to_yaml) filter to output the 'inline vault' format.
+ type: bool
+ default: False
+
+EXAMPLES: |
+ # simply encrypt my key in a vault
+ vars:
+ myvaultedkey: "{{ keyrawdata|vault(passphrase) }} "
+
+ - name: save templated vaulted data
+ template: src=dump_template_data.j2 dest=/some/key/vault.txt
+ vars:
+ mysalt: '{{2**256|random(seed=inventory_hostname)}}'
+ template_data: '{{ secretdata|vault(vaultsecret, salt=mysalt) }}'
+
+RETURN:
+ _value:
+ description: The vault string that contains the secret data (or C(AnsibleVaultEncryptedUnicode) string object).
+ type: string
-- cgit v1.2.3
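Review bot: In the second EXAMPLES entry, `mysalt: '{{2**256|random(seed=inventory_hostname)}}'` does not yield a 256-bit salt. Jinja2 binds a filter more tightly than `**`, so the expression reads as `2**(256|random(...))`, one of only 256 powers of two, and the seed ties the result to the host name. The `salt` option's own description warns that a supplied salt can lower the security of the vault, so the example should either drop `salt=mysalt` or parenthesise the expression as `mysalt: '{{ (2**256)|random(seed=inventory_hostname) }}'`. If the salt stays, a comment such as `# fixed salt: output is reproducible per host, weaker than the default random salt` would state the trade-off. Separately, the first example's `"{{ keyrawdata|vault(passphrase) }} "` has a space before the closing quote that would be appended to the vaulted string, which looks unintended.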