hashivault_list – Hashicorp Vault list¶

New in version 2.9.

Synopsis
Requirements
Parameters
Examples
Return Values
Status

Synopsis ¶

The hashivault_list module lists keys in Hashicorp Vault. By default this will list top-level keys under /secret, but you can provide an alternate location as secret. This includes both immediate subkeys and subkey paths, like the vault list command.

Requirements ¶

The below requirements are needed on the host that executes this module.

hvac>=0.10.1
ansible>=2.0.0
requests

Parameters ¶

Parameter	Choices/Defaults	Comments
authtype -	Choices: token userpass github ldap approle Default: "token or environment variable `VAULT_AUTHTYPE`"	authentication type
aws_header -	Default: "to environment variable `VAULT_AWS_HEADER`"	X-Vault-AWS-IAM-Server-ID Header value to prevent replay attacks.
ca_cert -	Default: "to environment variable `VAULT_CACERT`"	Path to a PEM-encoded CA cert file to use to verify the Vault server TLS certificate
ca_path -	Default: "to environment variable `VAULT_CAPATH`"	Path to a directory of PEM-encoded CA cert files to verify the Vault server TLS certificate. If ca_cert is specified, its value will take precedence
client_cert -	Default: "to environment variable `VAULT_CLIENT_CERT`"	Path to a PEM-encoded client certificate for TLS authentication to the Vault server
client_key -	Default: "to environment variable `VAULT_CLIENT_KEY`"	Path to an unencrypted PEM-encoded private key matching the client certificate
login_mount_point -	Default: "value of authtype or environment varialbe `VAULT_LOGIN_MOUNT_POINT`"	authentication mount point
mount_point -	Default: "secret"	secret mount point
namespace -	Default: "to environment variable VAULT_NAMESPACE"	namespace for vault
password -	Default: "to environment variable `VAULT_PASSWORD`"	password to login to vault.
secret -	Default: ""	secret path to list. If this does not begin with a `/` then it is interpreted as a subpath of `/secret`. This is always interpreted as a "directory": if a key `/secret/foo` exists, and you pass `/secret/foo` as secret, then the key itself will not be returned, but subpaths like `/secret/foo/bar` will.
token -	Default: "to environment variable `VAULT_TOKEN`"	token for vault
url -	Default: "to environment variable `VAULT_ADDR`"	url for vault
username -	Default: "to environment variable `VAULT_USER`"	username to login to vault.
verify -	Default: "to environment variable `VAULT_SKIP_VERIFY`"	If set, do not verify presented TLS certificate before communicating with Vault server. Setting this variable is not recommended except during testing
version -	Default: 1	version of the kv engine (int)

Examples ¶

---
- hosts: localhost
  tasks:
    - hashivault_list:
        secret: 'giant'
        version: 2
      register: 'fie'
    - debug: msg="Known secrets are {{ fie.secrets|join(', ') }}"

Return Values ¶

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
secrets list	success	list of secrets found, if any Sample: ['giant', 'stalks/']

Status ¶

This module is guaranteed to have backward compatible interface changes going forward. [stableinterface]
This module is maintained by the Ansible Community. [community]

Authors¶

UNKNOWN

Hint

If you notice any issues in this documentation, you can edit this document to improve it.

hashivault_list – Hashicorp Vault list¶

Synopsis¶

Requirements¶

Parameters¶

Examples¶

Return Values¶

Status¶