Ansible lookup plugin to fetch data from KeePass file
Victor Zemtsov 9bcd8ce6a7 Merge branch 'tabacha-fix_path_to_python' into develop 2023-01-10 07:58:56 +03:00
docs Add tests/parallel 2022-11-03 14:12:05 +03:00
meta Fix linting. Fix collection structure 2022-08-09 14:39:08 +03:00
plugins use sys.executable as path to python, this helps if use use a venv for ansible 2023-01-06 14:48:35 +01:00
tests Add playbook to tests/parallel 2022-11-09 11:27:36 +03:00
.flake8 Fix linting. Fix collection structure 2022-08-09 14:39:08 +03:00
.gitignore Fix .gitignore 2022-08-20 14:18:51 +03:00
LICENSE delete Pipfile 2022-05-25 21:37:02 +03:00
README.md Fix #33 Password shall not be mandatory for opening the db 2022-10-22 13:44:40 +03:00
galaxy.yml Fix #34 KeePass: socket connection failed when used in parallel 2022-11-09 11:47:02 +03:00

README.md

Ansible KeePass Lookup Plugin

This collection provides plugins that allow reading data from a KeePass file (modifying is not supported).

How it works

The lookup plugin opens a UNIX socket backed by the decrypted KeePass file. For performance reasons, decryption occurs only once, at socket startup, and the KeePass file remains decrypted as long as the socket is open. The UNIX socket file is stored in the operating system's temporary folder.
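
A defender-side check for the design described above, as an added example that is not part of the plugin: it lists UNIX sockets under the temporary folder that a different local user could connect to. The plugin's socket file name is not stated on this page, so the script inspects every socket it finds; the function name audit_unix_sockets is hypothetical.

```python
import os
import stat
import tempfile


def audit_unix_sockets(directory=None, uid=None):
    """Return (path, reason) findings for UNIX sockets under `directory`
    that are owned by someone other than `uid` or open to group/other.

    Findings are conservative: a parent directory without search
    permission for other users also blocks access to the socket.
    """
    directory = directory or tempfile.gettempdir()
    uid = os.getuid() if uid is None else uid
    findings = []
    # os.walk reports sockets in the file list (anything not a directory)
    for root, _dirs, files in os.walk(directory, onerror=lambda err: None):
        for name in files:
            path = os.path.join(root, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # file vanished or is not readable
            if not stat.S_ISSOCK(st.st_mode):
                continue
            if st.st_uid != uid:
                findings.append((path, "owned by uid %d" % st.st_uid))
            # On Linux, connect() requires write permission on the socket file
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                mode = stat.S_IMODE(st.st_mode)
                findings.append((path, "writable by group/other (mode %o)" % mode))
    return findings


if __name__ == "__main__":
    results = audit_unix_sockets()
    for sock_path, reason in results:
        print("%s: %s" % (sock_path, reason))
    if not results:
        print("no exposed UNIX sockets found in", tempfile.gettempdir())
```

Run it on the control node while a playbook that uses the lookup is executing, within the keepass_ttl window, so the socket exists when the scan happens.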

Installation

Requirements: Python 3, pykeepass==4.0.3

pip install 'pykeepass==4.0.3' --user
ansible-galaxy collection install viczem.keepass

Variables

  • keepass_dbx - path to KeePass file
  • keepass_psw - Optional. Password (required if keepass_key is not set)
  • keepass_key - Optional. Path to keyfile (required if keepass_psw is not set)
  • keepass_ttl - Optional. Socket TTL (the socket is closed automatically when not used). Default: 60 seconds.

Usage

Run ansible-doc -t lookup keepass to get a description of the plugin.

WARNING: For security reasons, do not store KeePass passwords in plain text. Use ansible-vault encrypt_string to encrypt the password and reference it as shown below.

# file: group_vars/all

keepass_dbx: "~/.keepass/database.kdbx"
keepass_psw: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      ...encrypted password...

Examples

See /docs/examples for more examples.

Lookup

ansible_user             : "{{ lookup('viczem.keepass.keepass', 'path/to/entry', 'username') }}"
ansible_become_pass      : "{{ lookup('viczem.keepass.keepass', 'path/to/entry', 'password') }}"
custom_field             : "{{ lookup('viczem.keepass.keepass', 'path/to/entry', 'custom_properties', 'a_custom_property_name') }}"
attachment               : "{{ lookup('viczem.keepass.keepass', 'path/to/entry', 'attachments', 'a_file_name') }}"

Module

# Export an attachment from a KeePass entry to a file on disk
- name: "Export file: attachment.txt"
  viczem.keepass.attachment:
    database: "{{ keepass_dbx }}"
    password: "{{ keepass_psw }}"
    entrypath: example/attachments
    attachment: "attachment.txt"
    dest: "{{ keepass_attachment_1_name }}"

Contributing

See /docs/contributing.