New in version 2.4.
force
option is set.The below requirements are needed on the host that executes this module.
Parameter | Choices/Defaults | Comments |
---|---|---|
api_version
-
|
Default: auto
|
The version of the Docker API running on the Docker Host. Defaults to the latest version of the API supported by docker-py.
If the value is not specified in the task, the value of environment variable
DOCKER_API_VERSION will be used instead. If the environment variable is not set, the default value will be used.aliases: docker_api_version |
cacert_path
-
|
Use a CA certificate when performing server verification by providing the path to a CA certificate file.
If the value is not specified in the task and the environment variable
DOCKER_CERT_PATH is set, the file ca.pem from the directory specified in the environment variable DOCKER_CERT_PATH will be used.aliases: tls_ca_cert |
|
cert_path
-
|
Path to the client's TLS certificate file.
If the value is not specified in the task and the environment variable
DOCKER_CERT_PATH is set, the file cert.pem from the directory specified in the environment variable DOCKER_CERT_PATH will be used.aliases: tls_client_cert |
|
data
-
|
String. The value of the secret. Required when state is
present . |
|
debug
boolean
|
|
Debug mode
|
docker_host
-
|
Default: unix://var/run/docker.sock
|
The URL or Unix socket path used to connect to the Docker API. To connect to a remote host, provide the TCP connection string. For example, 'tcp://192.0.2.23:2376'. If TLS is used to encrypt the connection, the module will automatically replace 'tcp' in the connection URL with 'https'.
If the value is not specified in the task, the value of environment variable
DOCKER_HOST will be used instead. If the environment variable is not set, the default value will be used.aliases: docker_url |
force
boolean
|
|
Use with state
present to always remove and recreate an existing secret.If true, an existing secret will be replaced, even if it has not changed.
|
key_path
-
|
Path to the client's TLS key file.
If the value is not specified in the task and the environment variable
DOCKER_CERT_PATH is set, the file key.pem from the directory specified in the environment variable DOCKER_CERT_PATH will be used.aliases: tls_client_key |
|
labels
-
|
A map of key:value meta data, where both the key and value are expected to be a string.
If new meta data is provided, or existing meta data is modified, the secret will be updated by removing it and creating it again.
|
|
name
-
/ required
|
The name of the secret.
|
|
ssl_version
-
|
Provide a valid SSL version number. Default value determined by ssl.py module.
If the value is not specified in the task, the value of environment variable
DOCKER_SSL_VERSION will be used instead. |
|
state
-
|
|
Set to
present , if the secret should exist, and absent , if it should not. |
timeout
-
|
Default: 60
|
The maximum amount of time in seconds to wait on a response from the API.
If the value is not specified in the task, the value of environment variable
DOCKER_TIMEOUT will be used instead. If the environment variable is not set, the default value will be used. |
tls
boolean
|
|
Secure the connection to the API by using TLS without verifying the authenticity of the Docker host server.
If the value is not specified in the task, the value of environment variable
DOCKER_TLS will be used instead. If the environment variable is not set, the default value will be used. |
tls_hostname
-
|
Default: localhost
|
When verifying the authenticity of the Docker Host server, provide the expected name of the server.
If the value is not specified in the task, the value of environment variable
DOCKER_TLS_HOSTNAME will be used instead. If the environment variable is not set, the default value will be used. |
tls_verify
boolean
|
|
Secure the connection to the API by using TLS and verifying the authenticity of the Docker host server.
If the value is not specified in the task, the value of environment variable
DOCKER_TLS_VERIFY will be used instead. If the environment variable is not set, the default value will be used. |
Note
docker[tls]
with pip.$HOME/docker/config.json
if the DOCKER_CONFIG
environment variable is not specified, and use $DOCKER_CONFIG/config.json
otherwise.- name: Create secret foo
docker_secret:
name: foo
data: Hello World!
state: present
- name: Change the secret data
docker_secret:
name: foo
data: Goodnight everyone!
labels:
bar: baz
one: '1'
state: present
- name: Add a new label
docker_secret:
name: foo
data: Goodnight everyone!
labels:
bar: baz
one: '1'
# Adding a new label will cause a remove/create of the secret
two: '2'
state: present
- name: No change
docker_secret:
name: foo
data: Goodnight everyone!
labels:
bar: baz
one: '1'
# Even though 'two' is missing, there is no change to the existing secret
state: present
- name: Update an existing label
docker_secret:
name: foo
data: Goodnight everyone!
labels:
bar: monkey # Changing a label will cause a remove/create of the secret
one: '1'
state: present
- name: Force the removal/creation of the secret
docker_secret:
name: foo
data: Goodnight everyone!
force: yes
state: present
- name: Remove secret foo
docker_secret:
name: foo
state: absent
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
secret_id
string
|
success |
The ID assigned by Docker to the secret object.
Sample:
hzehrmyjigmcp2gb6nlhmjqcv
|
Hint
If you notice any issues in this documentation you can edit this document to improve it.