Index of all Collection Environment Variables

The following index documents all environment variables declared by plugins in collections. Environment variables used by the ansible-core configuration are documented in Ansible Configuration Settings.

ANSIBLE_SOPS_AGE_KEY

One or more age private keys that can be used to decrypt encrypted files.

Will be set as the SOPS_AGE_KEY environment variable when calling SOPS.

Requires SOPS 3.7.1+.

Used by: community.sops.sops lookup plugin, community.sops.sops vars plugin

ANSIBLE_SOPS_AGE_KEYFILE

The file containing the age private keys that SOPS can use to decrypt encrypted files.

Will be set as the SOPS_AGE_KEY_FILE environment variable when calling SOPS.

By default, SOPS looks for sops/age/keys.txt inside your user configuration directory.

Requires SOPS 3.7.0+.

Used by: community.sops.sops lookup plugin, community.sops.sops vars plugin

ANSIBLE_SOPS_AWS_ACCESS_KEY_ID

The AWS access key ID to use for requests to AWS.

Sets the environment variable AWS_ACCESS_KEY_ID for the SOPS call.

Used by: community.sops.sops lookup plugin, community.sops.sops vars plugin

ANSIBLE_SOPS_AWS_PROFILE

The AWS profile to use for requests to AWS.

This corresponds to the SOPS --aws-profile option.

Used by: community.sops.sops lookup plugin, community.sops.sops vars plugin

ANSIBLE_SOPS_AWS_SECRET_ACCESS_KEY

The AWS secret access key to use for requests to AWS.

Sets the environment variable AWS_SECRET_ACCESS_KEY for the SOPS call.

Used by: community.sops.sops lookup plugin, community.sops.sops vars plugin

ANSIBLE_SOPS_AWS_SESSION_TOKEN

The AWS session token to use for requests to AWS.

Sets the environment variable AWS_SESSION_TOKEN for the SOPS call.

Used by: community.sops.sops lookup plugin, community.sops.sops vars plugin

ANSIBLE_SOPS_BINARY

Path to the SOPS binary.

By default uses sops.

Used by: community.sops.sops lookup plugin, community.sops.sops vars plugin

ANSIBLE_SOPS_CONFIG_PATH

Path to the SOPS configuration file.

If not set, SOPS will recursively search for the config file starting at the file that is encrypted or decrypted.

This corresponds to the SOPS --config option.

Used by: community.sops.sops lookup plugin, community.sops.sops vars plugin

ANSIBLE_SOPS_ENABLE_LOCAL_KEYSERVICE

Tell SOPS to use local key service.

This corresponds to the SOPS --enable-local-keyservice option.

Used by: community.sops.sops lookup plugin, community.sops.sops vars plugin

ANSIBLE_SOPS_KEYSERVICE

Specify key services to use next to the local one.

A key service must be specified in the form protocol://address, for example tcp://myserver.com:5000.

This corresponds to the SOPS --keyservice option.

Used by: community.sops.sops lookup plugin, community.sops.sops vars plugin

ANSIBLE_VARS_SOPS_PLUGIN_CACHE

Whether to cache decrypted files or not.

If the cache is disabled, the files will be decrypted for almost every task. This is very slow!

Only disable caching if you modify the variable files during a playbook run and want the updated result to be available from the next task on.

Note that setting stage=inventory has the same effect as setting cache=true: the variables will be loaded only once (during inventory loading) and the vars plugin will not be called for every task.

Used by: community.sops.sops vars plugin

ANSIBLE_VARS_SOPS_PLUGIN_HANDLE_UNENCRYPTED_FILES

How to handle files that match the extensions in valid_extensions that are not SOPS encrypted.

The default value error will produce an error.

The value skip will simply skip these files. This requires SOPS 3.9.0 or later.

The value warn will skip these files and emit a warning. This requires SOPS 3.9.0 or later.

Note that this will not help if the store SOPS uses cannot parse the file, for example because it is no valid JSON/YAML/… file despite its file extension. For extensions other than the default ones SOPS uses the binary store, which tries to parse the file as JSON.

Used by: community.sops.sops vars plugin

ANSIBLE_VARS_SOPS_PLUGIN_STAGE

Control when this vars plugin may be executed.

Setting this option to all will run the vars plugin after importing inventory and whenever it is demanded by a task.

Setting this option to task will only run the vars plugin whenever it is demanded by a task.

Setting this option to inventory will only run the vars plugin after parsing inventory.

If this option is omitted, the global RUN_VARS_PLUGINS configuration is used to determine when to execute the vars plugin.

Used by: community.sops.sops vars plugin

ANSIBLE_VARS_SOPS_PLUGIN_VALID_EXTENSIONS

Check all of these extensions when looking for ‘variable’ files.

These files must be SOPS encrypted YAML or JSON files.

By default the plugin will produce errors when encountering files matching these extensions that are not SOPS encrypted. This behavior can be controlled with the handle_unencrypted_files option.

Used by: community.sops.sops vars plugin

SOPS_ANSIBLE_AWX_DISABLE_VARS_PLUGIN_TEMPORARILY

Temporarily disable this plugin.

Useful if ansible-inventory is supposed to be run without decrypting secrets (in AWX for instance).

Used by: community.sops.sops vars plugin