daniel-lynch / daniel_lynch.passbolt

Passbolt Ansible collection
https://galaxy.ansible.com/daniel_lynch/passbolt
GNU General Public License v3.0
ansible passbolt python


Readme

Ansible Collection to allow Passbolt management from Ansible.

Requirements

Python3.6+ https://www.python.org/downloads/

GnuPG https://gnupg.org/download/index.html

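My Python library for the Passbolt API: pip install git+https://github.com/daniel-lynch/py-passbolt (this installs whatever the default branch currently holds; append @<commit-or-tag> to the URL to pin a revision you have reviewed)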

Install:

ansible-galaxy collection install daniel_lynch.passbolt

Examples

Get Password. Docs

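---
# Retrieve the secret stored under 'Testing' with the get_password lookup
# plugin, authenticating with an ASCII-armored private key and its passphrase.
- hosts: localhost
  vars:
    passbolt_uri: "https://passbolt.djlynch.us"
    # The private key is read from key.asc by the file lookup, which runs on
    # the Ansible controller. Keep that file out of version control.
    gpgkey: "{{ lookup('file', 'key.asc') }}"
    # Placeholder value for the example. In a real playbook, store the
    # passphrase (and the key) encrypted with ansible-vault, not in plain text.
    passphrase: "Password"
  tasks:
    # debug prints the retrieved secret to the console and to any configured
    # Ansible log; it is used here only to demonstrate the lookup.
    - name: Get Password
      debug:
        msg: "{{ lookup('daniel_lynch.passbolt.get_password', 'Testing', gpgkey=gpgkey, passphrase=passphrase, passbolt_uri=passbolt_uri) }}"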

Get Password using fingerprint.

# Import your private key into the local GnuPG keyring
gpg --import private.key
# List the keys in the keyring with their fingerprints, then copy the
# fingerprint of the imported key into the playbook's `fingerprint` variable
# (the example playbook writes it as one string without spaces)
gpg --fingerprint
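---
# Same lookup as the key-file variant, but the key is selected by fingerprint
# from the local GnuPG keyring, so no key material or passphrase is passed as
# a playbook variable.
- hosts: localhost
  # With a local connection, gpg-agent prompts you to unlock your private key.
  connection: local
  vars:
    passbolt_uri: "https://passbolt.djlynch.us"
    # Fingerprint of a private key already imported with `gpg --import`.
    fingerprint: "BD12345678F2B05FE32FA07570848FF92005EABC"
  tasks:
    # debug prints the retrieved secret to the console and to any configured
    # Ansible log; it is used here only to demonstrate the lookup.
    - name: Get Password using fingerprint
      debug:
        msg: "{{ lookup('daniel_lynch.passbolt.get_password', 'Testing', fingerprint=fingerprint, passbolt_uri=passbolt_uri) }}"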

Create User. Docs

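---
# passbolt_uri, gpgkey and passphrase are not defined in this play; supply
# them from inventory or vars files, ideally encrypted with ansible-vault.
- hosts: localhost
  tasks:
    - name: Create User
      daniel_lynch.passbolt.create_user:
        passbolt_uri: "{{ passbolt_uri }}"
        gpgkey: "{{ gpgkey }}"
        passphrase: "{{ passphrase }}"
        username: "testing@example.com"
        firstname: "Test"
        lastname: "Ing"
        # Grants the new account the administrator role; use false for
        # ordinary users.
        admin: true
      # The task arguments carry the private key and its passphrase; no_log
      # keeps them out of task output and logs. Remove it temporarily when
      # debugging a failure.
      no_log: true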

Update User. Docs

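---
# passbolt_uri, gpgkey and passphrase are not defined in this play; supply
# them from inventory or vars files, ideally encrypted with ansible-vault.
- hosts: localhost
  tasks:
    - name: Update User
      daniel_lynch.passbolt.update_user:
        passbolt_uri: "{{ passbolt_uri }}"
        gpgkey: "{{ gpgkey }}"
        passphrase: "{{ passphrase }}"
        username: "testing@example.com"
        firstname: "Test"
        lastname: "Ing"
        # Written as a canonical YAML boolean. Setting it to true requests
        # the administrator role for this account.
        admin: true
      # The task arguments carry the private key and its passphrase; no_log
      # keeps them out of task output and logs. Remove it temporarily when
      # debugging a failure.
      no_log: true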

Delete User. Docs

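---
# passbolt_uri, gpgkey and passphrase are not defined in this play; supply
# them from inventory or vars files, ideally encrypted with ansible-vault.
- hosts: localhost
  tasks:
    - name: Delete User
      daniel_lynch.passbolt.delete_user:
        passbolt_uri: "{{ passbolt_uri }}"
        gpgkey: "{{ gpgkey }}"
        passphrase: "{{ passphrase }}"
        # Account to remove, identified by its username (an e-mail address
        # in this example).
        username: "testing@example.com"
      # The task arguments carry the private key and its passphrase; no_log
      # keeps them out of task output and logs. Remove it temporarily when
      # debugging a failure.
      no_log: true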

Create Group. Docs

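---
# passbolt_uri, gpgkey, passphrase, admin and user are not defined in this
# play; supply them from inventory or vars files, with the key and passphrase
# ideally encrypted with ansible-vault.
- hosts: localhost
  tasks:
    - name: Create Group
      daniel_lynch.passbolt.create_group:
        passbolt_uri: "{{ passbolt_uri }}"
        gpgkey: "{{ gpgkey }}"
        passphrase: "{{ passphrase }}"
        name: "Test"
        # Members listed under admins are added as group administrators;
        # keep this list as short as the group's management requires.
        admins:
          - "{{ admin }}"
        users:
          - "{{ user }}"
      # The task arguments carry the private key and its passphrase; no_log
      # keeps them out of task output and logs. Remove it temporarily when
      # debugging a failure.
      no_log: true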

Update Group. Docs

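---
# passbolt_uri, gpgkey, passphrase, admin2 and user2 are not defined in this
# play; supply them from inventory or vars files, with the key and passphrase
# ideally encrypted with ansible-vault.
- hosts: localhost
  tasks:
    - name: Update Group
      daniel_lynch.passbolt.update_group:
        passbolt_uri: "{{ passbolt_uri }}"
        gpgkey: "{{ gpgkey }}"
        passphrase: "{{ passphrase }}"
        name: "Test"
        # NOTE(review): it is not visible here whether these lists replace
        # the existing membership or are added to it; confirm in the module
        # docs before running this against a group that guards shared secrets.
        admins:
          - "{{ admin2 }}"
        users:
          - "{{ user2 }}"
      # The task arguments carry the private key and its passphrase; no_log
      # keeps them out of task output and logs. Remove it temporarily when
      # debugging a failure.
      no_log: true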

Delete Group. Docs

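---
# passbolt_uri, gpgkey and passphrase are not defined in this play; supply
# them from inventory or vars files, ideally encrypted with ansible-vault.
- hosts: localhost
  tasks:
    - name: Delete Group
      daniel_lynch.passbolt.delete_group:
        passbolt_uri: "{{ passbolt_uri }}"
        gpgkey: "{{ gpgkey }}"
        passphrase: "{{ passphrase }}"
        # Group to remove, identified by name.
        name: "Test"
      # The task arguments carry the private key and its passphrase; no_log
      # keeps them out of task output and logs. Remove it temporarily when
      # debugging a failure.
      no_log: true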

Create Password. Docs

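---
# passbolt_uri, gpgkey and passphrase are not defined in this play; supply
# them from inventory or vars files, ideally encrypted with ansible-vault.
- hosts: localhost
  tasks:
    - name: Create Password
      daniel_lynch.passbolt.create_password:
        passbolt_uri: "{{ passbolt_uri }}"
        gpgkey: "{{ gpgkey }}"
        passphrase: "{{ passphrase }}"
        name: "Testing"
        # Placeholder secret for the example. In a real playbook, take the
        # value from a vaulted variable instead of writing it inline.
        password: "password"
        username: "Test"
        uri: "test.com"
        description: "This is a description"
      # The task arguments carry the new secret, the private key and its
      # passphrase; no_log keeps them out of task output and logs. Remove it
      # temporarily when debugging a failure.
      no_log: true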

Update Password. Docs

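---
# passbolt_uri, gpgkey and passphrase are not defined in this play; supply
# them from inventory or vars files, ideally encrypted with ansible-vault.
- hosts: localhost
  tasks:
    - name: Update Password
      daniel_lynch.passbolt.update_password:
        passbolt_uri: "{{ passbolt_uri }}"
        gpgkey: "{{ gpgkey }}"
        passphrase: "{{ passphrase }}"
        # name and username presumably select the existing entry; newname and
        # newusername carry the replacement values (confirm in the module docs).
        name: "Testing"
        # Placeholder secret for the example. In a real playbook, take the
        # value from a vaulted variable instead of writing it inline.
        password: "password"
        username: "Test"
        newname: "Testing2"
        newusername: "Test2"
        uri: "test2.com"
        description: "This is a description2"
      # The task arguments carry the secret, the private key and its
      # passphrase; no_log keeps them out of task output and logs. Remove it
      # temporarily when debugging a failure.
      no_log: true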

Share Password. Docs

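---
# passbolt_uri, gpgkey, passphrase and admin2 are not defined in this play;
# supply them from inventory or vars files, with the key and passphrase
# ideally encrypted with ansible-vault.
- hosts: localhost
  tasks:
    - name: Share Password
      daniel_lynch.passbolt.share_password:
        passbolt_uri: "{{ passbolt_uri }}"
        gpgkey: "{{ gpgkey }}"
        passphrase: "{{ passphrase }}"
        name: "Testing"
        # Every user and group listed here gains access to the secret, so
        # review both lists before running the play.
        users:
          - "{{ admin2 }}"
        groups:
          - "Users"
        # Read is the permission level used in this example; grant the
        # lowest level that the recipients need.
        permission: "Read"
        username: "Test"
      # The task arguments carry the private key and its passphrase; no_log
      # keeps them out of task output and logs. Remove it temporarily when
      # debugging a failure.
      no_log: true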

Delete Password. Docs

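---
# passbolt_uri, gpgkey and passphrase are not defined in this play; supply
# them from inventory or vars files, ideally encrypted with ansible-vault.
- hosts: localhost
  tasks:
    - name: Delete Password
      daniel_lynch.passbolt.delete_password:
        passbolt_uri: "{{ passbolt_uri }}"
        gpgkey: "{{ gpgkey }}"
        passphrase: "{{ passphrase }}"
        # The entry to delete is given by its name together with its username.
        name: "Testing"
        username: "Test"
      # The task arguments carry the private key and its passphrase; no_log
      # keeps them out of task output and logs. Remove it temporarily when
      # debugging a failure.
      no_log: true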

Considerations

Use ansible-vault to encrypt the passphrase and the GPG key; the plaintext passphrase in the first example is only a placeholder. See https://docs.ansible.com/ansible/2.8/user_guide/playbooks_vault.html#single-encrypted-variable