This repository contains two ansible modules for setting and getting passwordstate passwords.
It is based on the fork of KBerstene who has rebuilt the module from the original BoxUK modules
to run on Python 3. Since then uses the requests library in place of urllib and added functionality for using the Windows Authentication API.
Currently i have added more facts to the returned output so we could use other field values as well.
All Python prerequisites can be installed using python3 -m pip install -r dev-requirements.txt.
The passwordstate_password module enables adding and updating of passwords inside PasswordState:
---
- name: Passwordstate
hosts: localhost
connection: local
tasks:
- name: push password to passwordstate
passwordstate_password:
url: 'https://passwordstate.internal.corp.net'
api_key: 'xxxxxxxxx'
password_list_id: 'xxxx'
match_field: 'GenericField1'
match_field_id: 'xx'
title: 'My password title'
username: 'username'
password: 'my secure password'The passwordstate_password_fact module enables fetching of passwords stored in PasswordState:
---
- name: Passwordstate
hosts: localhost
connection: local
tasks:
- name: get password from passwordstate
passwordstate_password_fact:
url: 'https://passwordstate.internal.corp.net'
api_key: 'xxxxxxxxx'
password_list_id: 'xxxx'
match_field: 'GenericField1'
match_field_id: 'xx'
fact_name: 'myaccount'
- debug: var=myaccount_password---
- name: Passwordstate
hosts: localhost
connection: local
tasks:
- name: get password from passwordstate
passwordstate_password_fact:
url: 'https://passwordstate.internal.corp.net'
api_key: 'xxxxxxxxx'
password_id: 'xx'
fact_name: 'myaccount'
- debug: var=myaccount_username
- debug: var=myaccount_passwordPasswordState offers an API that uses Windows authentication instead of standard API keys. The Windows API can be used by simply replacing the api_key option with the api_username and api_password options, which can be prompted for at the beginning of a playbook or otherwise stored and passed:
---
- name: Passwordstate
hosts: localhost
connection: local
tasks:
- name: get password from passwordstate
passwordstate_password_fact:
url: 'https://passwordstate.internal.corp.net'
api_username: '{{ passwordstate_api_username }}'
api_password: '{{ passwordstate_api_password }}'
password_id: 'xx'
fact_name: 'myaccount'
- debug: var=myaccount_username
- debug: var=myaccount_passwordIf running ansible-playbook with -vvv the output, if using one of the examples from above, could be:
ok: [localhost] => {
"ansible_facts": {
"myaccount_accounttype": "Active Directory",
"myaccount_accounttypeid": 64,
"myaccount_description": "Test Description",
"myaccount_domain": "",
"myaccount_expirydate": "",
"myaccount_genericfield1": "xx",
"myaccount_genericfield10": "",
"myaccount_genericfield2": "foobar",
"myaccount_genericfield3": "",
"myaccount_genericfield4": "",
"myaccount_genericfield5": "",
"myaccount_genericfield6": "",
"myaccount_genericfield7": "",
"myaccount_genericfield8": "None",
"myaccount_genericfield9": "",
"myaccount_genericfieldinfo": [
{
"DisplayName": "GenericField1",
"GenericFieldID": "GenericField1",
"Value": "xx"
},
{
"DisplayName": "Test Field",
"GenericFieldID": "GenericField2",
"Value": "foobar"
},
{
"DisplayName": "Test Field 2",
"GenericFieldID": "GenericField8",
"Value": "None"
}
],
"myaccount_hostname": "foobar_host",
"myaccount_notes": "",
"myaccount_password": "FooBar_Password1",
"myaccount_passwordid": 999,
"myaccount_title": "My password title",
"myaccount_url": "https://passwordstate",
"myaccount_username": "My password user"
},
"changed": false,
"invocation": {
"module_args": {
"api_key": "xxxxxxxxx",
"api_password": null,
"api_username": null,
"fact_name": "myaccount",
"match_field": null,
"match_field_id": null,
"password_id": "999",
"password_list_id": "2",
"url": "https://passwordstate"
}
}
}