| Parameter | Choices/Defaults | Comments |
|---|---|---|
| authtype | Choices: token, userpass, github, ldap, approle. Default: "token or environment variable `VAULT_AUTHTYPE`" | Authentication type. |
| aws_header | Default: "to environment variable `VAULT_AWS_HEADER`" | X-Vault-AWS-IAM-Server-ID header value to prevent replay attacks. |
| bound_group_ids | | The list of group IDs that login is restricted to. |
| bound_locations | | The list of locations that login is restricted to. |
| bound_resource_groups | | The list of resource groups that login is restricted to. |
| bound_scale_sets | | The list of scale set names that login is restricted to. |
| bound_service_principal_ids | | The list of Service Principal IDs that login is restricted to. |
| bound_subscription_ids | | The list of subscription IDs that login is restricted to. |
| ca_cert | Default: "to environment variable `VAULT_CACERT`" | Path to a PEM-encoded CA cert file to use to verify the Vault server TLS certificate. |
| ca_path | Default: "to environment variable `VAULT_CAPATH`" | Path to a directory of PEM-encoded CA cert files to verify the Vault server TLS certificate. If `ca_cert` is specified, its value will take precedence. |
| client_cert | Default: "to environment variable `VAULT_CLIENT_CERT`" | Path to a PEM-encoded client certificate for TLS authentication to the Vault server. |
| client_key | Default: "to environment variable `VAULT_CLIENT_KEY`" | Path to an unencrypted PEM-encoded private key matching the client certificate. |
| login_mount_point | Default: "value of authtype or environment variable `VAULT_LOGIN_MOUNT_POINT`" | Authentication mount point. |
| mount_point | Default: "azure" | Name of the secret engine mount. |
| name | | Name of the role in Vault. |
| namespace | Default: "to environment variable `VAULT_NAMESPACE`" | Namespace for Vault. |
| password | Default: "to environment variable `VAULT_PASSWORD`" | Password to log in to Vault. |
| policies | | Names of policies in Vault to assign to the role. |
| role_file | | File with a JSON object containing play parameters. Pass all params except `name`, `state` and `mount_point`, which stay in the Ansible play. |
| token | Default: "to environment variable `VAULT_TOKEN`" | Token for Vault. |
| token_max_ttl | | The maximum allowed lifetime, in seconds, of tokens issued using this role. |
| token_period | | If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the value of this parameter. |
| token_ttl | | The TTL period, in seconds, of tokens issued using this role. |
| url | Default: "to environment variable `VAULT_ADDR`" | URL for Vault. |
| username | Default: "to environment variable `VAULT_USER`" | Username to log in to Vault. |
| verify | Default: "to environment variable `VAULT_SKIP_VERIFY`" | If set, do not verify the presented TLS certificate before communicating with the Vault server. Setting this variable is not recommended except during testing. |