New in version 2.4.
docker secret create and docker secret rm.
force option is set.

| parameter | required | default | choices | comments |
|---|---|---|---|---|
| api_version | no | default provided by docker-py | | The version of the Docker API running on the Docker Host. Defaults to the latest version of the API supported by docker-py. aliases: docker_api_version |
| cacert_path | no | | | Use a CA certificate when performing server verification by providing the path to a CA certificate file. aliases: tls_ca_cert |
| cert_path | no | | | Path to the client's TLS certificate file. aliases: tls_client_cert |
| data | no | | | String. The value of the secret. Required when state is present. |
| docker_host | no | unix://var/run/docker.sock | | The URL or Unix socket path used to connect to the Docker API. To connect to a remote host, provide the TCP connection string. For example, 'tcp://192.0.2.23:2376'. If TLS is used to encrypt the connection, the module will automatically replace 'tcp' in the connection URL with 'https'. aliases: docker_url |
| force | no | | | Boolean. Use with state present to always remove and recreate an existing secret. If true, an existing secret will be replaced, even if it has not changed. |
| key_path | no | | | Path to the client's TLS key file. aliases: tls_client_key |
| labels | no | | | A map of key:value meta data, where both the key and value are expected to be a string. If new meta data is provided, or existing meta data is modified, the secret will be updated by removing it and creating it again. |
| name | yes | | | The name of the secret. |
| ssl_version | no | 1.0 | | Provide a valid SSL version number. Default value determined by docker-py, currently 1.0. |
| state | no | present | | Set to present, if the secret should exist, and absent, if it should not. |
| timeout | no | 60 | | The maximum amount of time in seconds to wait on a response from the API. |
| tls | no | | | Secure the connection to the API by using TLS without verifying the authenticity of the Docker host server. |
| tls_hostname | no | localhost | | When verifying the authenticity of the Docker Host server, provide the expected name of the server. |
| tls_verify | no | | | Secure the connection to the API by using TLS and verifying the authenticity of the Docker host server. |
```yaml
- name: Create secret foo
  docker_secret:
    name: foo
    data: Hello World!
    state: present

- name: Change the secret data
  docker_secret:
    name: foo
    data: Goodnight everyone!
    labels:
      bar: baz
      one: '1'
    state: present

- name: Add a new label
  docker_secret:
    name: foo
    data: Goodnight everyone!
    labels:
      bar: baz
      one: '1'
      # Adding a new label will cause a remove/create of the secret
      two: '2'
    state: present

- name: No change
  docker_secret:
    name: foo
    data: Goodnight everyone!
    labels:
      bar: baz
      one: '1'
      # Even though 'two' is missing, there is no change to the existing secret
    state: present

- name: Update an existing label
  docker_secret:
    name: foo
    data: Goodnight everyone!
    labels:
      bar: monkey  # Changing a label will cause a remove/create of the secret
      one: '1'
    state: present

- name: Force the removal/creation of the secret
  docker_secret:
    name: foo
    data: Goodnight everyone!
    force: yes
    state: present

- name: Remove secret foo
  docker_secret:
    name: foo
    state: absent
```
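The TLS parameters from the table combine as follows when the Swarm manager is reached over TCP instead of the local socket. This is an added example, not part of the module's own documentation; the host name, the certificate paths, the secret name and the `vault_db_password` variable are assumptions.

```yaml
# Added example. Assumed names: swarm-manager.example.com, /etc/docker/tls/*.pem,
# db_password, vault_db_password.
- name: Manage a Swarm secret over a verified TLS connection
  hosts: localhost
  connection: local
  gather_facts: no
  tasks:
    - name: Create the secret on the remote manager
      docker_secret:
        name: db_password
        # Assumed to be defined in an Ansible Vault encrypted vars file,
        # so the value is never stored in the playbook in clear text.
        data: "{{ vault_db_password }}"
        state: present
        docker_host: tcp://swarm-manager.example.com:2376
        # tls_verify checks the server certificate against cacert_path.
        # 'tls: yes' on its own would encrypt the connection without
        # verifying the authenticity of the Docker host.
        tls_verify: yes
        tls_hostname: swarm-manager.example.com
        cacert_path: /etc/docker/tls/ca.pem
        cert_path: /etc/docker/tls/cert.pem
        key_path: /etc/docker/tls/key.pem
        timeout: 60
      # Keep the module arguments (including 'data') out of task output and logs.
      no_log: true
      register: secret_result

    - name: Show only the ID that Docker assigned to the secret
      debug:
        var: secret_result.secret_id
```

Setting `tls_hostname` to the name in the manager's certificate matters here because the table lists its default as `localhost`.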
Common return values are documented in Return Values; the following fields are unique to this module:
| name | description | returned | type | sample |
|---|---|---|---|---|
| secret_id | The ID assigned by Docker to the secret object. | success | string | hzehrmyjigmcp2gb6nlhmjqcv |
Note
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.
© 2012–2017 Michael DeHaan
© 2017 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/docker_secret_module.html