ansible.builtin.unvault filter – Open an Ansible Vault
Note
This filter plugin is part of ansible-core and included in all Ansible
installations. In most cases, you can use the short
plugin name
unvault.
However, we recommend you use the Fully Qualified Collection Name (FQCN) ansible.builtin.unvault for easy linking to the
plugin documentation and to avoid conflicting with other collections that may have
the same filter plugin name.
New in ansible-core 2.12
Synopsis
Retrieve your information from an encrypted Ansible Vault.
Input
This describes the input of the filter, the value before | ansible.builtin.unvault.
Parameter |
Comments |
|---|---|
Vault string, or an |
Positional parameters
This describes positional parameters of the filter. These are the values positional1, positional2 and so on in the following
example: input | ansible.builtin.unvault(positional1, positional2, ...)
Parameter |
Comments |
|---|---|
Vault secret, the key that lets you open the vault. |
Keyword parameters
This describes keyword parameters of the filter. These are the values key1=value1, key2=value2 and so on in the following
example: input | ansible.builtin.unvault(key1=value1, key2=value2, ...)
Parameter |
Comments |
|---|---|
Secret identifier, used internally to try to best match a secret when multiple are provided. Default: |
Notes
Note
When keyword and positional parameters are used together, positional parameters must be listed before keyword parameters:
input | ansible.builtin.unvault(positional1, positional2, key1=value1, key2=value2)
Examples
# simply decrypt my key from a vault
vars:
mykey: "{{ myvaultedkey | unvault(passphrase) }} "
- name: save templated unvaulted data
template: src=dump_template_data.j2 dest=/some/key/clear.txt
vars:
template_data: '{{ secretdata | unvault(vaultsecret) }}'
Return Value
Key |
Description |
|---|---|
The string that was contained in the vault. Returned: success |