containers.podman.podman_secret module – Manage podman secrets

Note

This module is part of the containers.podman collection (version 1.15.2).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install containers.podman. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: containers.podman.podman_secret.

New in containers.podman 1.7.0

Synopsis

  • Manage podman secrets

Requirements

The below requirements are needed on the host that executes this module.

  • podman

Parameters

Parameter

Comments

data

string

The value of the secret. Required when state is present. Mutually exclusive with env and path.

debug

boolean

Enable debug mode for module. It prints secrets diff.

Choices:

  • false ← (default)

  • true

driver

string

Override default secrets driver, currently podman uses file which is unencrypted.

driver_opts

dictionary

Driver-specific key-value options.

env

string

The name of the environment variable that contains the secret. Mutually exclusive with data and path.

executable

string

Path to podman executable if it is not in the $PATH on the machine running podman

Default: "podman"

force

boolean

Use it when state is present to remove and recreate an existing secret.

Choices:

  • false ← (default)

  • true

labels

dictionary

Labels to set on the secret.

name

string / required

The name of the secret.

path

path

Path to the file that contains the secret. Mutually exclusive with data and env.

skip_existing

boolean

Use it when state is present and secret with the same name already exists. If set to true, the secret will NOT be recreated and remains as is.

Choices:

  • false ← (default)

  • true

state

string

Whether to create or remove the named secret.

Choices:

  • "absent"

  • "present" ← (default)

Examples

- name: Create secret
  containers.podman.podman_secret:
    state: present
    name: mysecret
    data: "my super secret content"

- name: Create container that uses the secret
  containers.podman.podman_container:
    name: showmysecret
    image: docker.io/alpine:3.14
    secrets:
      - mysecret
    detach: false
    command: cat /run/secrets/mysecret
    register: container

- name: Output secret data
  debug:
    msg: '{{ container.stdout }}'

- name: Remove secret
  containers.podman.podman_secret:
    state: absent
    name: mysecret

Authors

  • Aliaksandr Mianzhynski (@amenzhinsky)