I have set up a 'guest' user in 1password, and assigned a new vault to him. I've installed 1password's CLI utility ('op'). I can manually extract 1password secrets from the command line, or even from Ansible as:
- name: Retrieve password manually
delegate_to: localhost
ansible.builtin.command: 'op read "op://Ansible-Vaults/google/password"'
But I have been unable to use either ansible's 1password module community.general.onepassword_info or its lookup counterpart. The following both fail with the following:
Failed to perform initial sign in to 1Password: [ERROR] 2023/09/21 18:25:16 unknown flag: --output
(Note that the play above runs just before, so it should already be logged in to 1password. And even if it wasn't, enough info was given to login again.)
- name: Retrieve password for HAL when not signed in to 1Password
delegate_to: localhost
ansible.builtin.debug:
var: lookup('community.general.onepassword',
google,
section=TEST,
field=password,
vault="{{ opw_vault }}",
domain="{{ opw_domain }}",
subdomain="{{ opw_subdomain }}",
master_password="{{ opw_password }}",
username="{{ opw_username }}",
secret_key="{{ opw_secret_key }}"
)
- name: Get a password
delegate_to: localhost
community.general.onepassword_info:
auto_login:
master_password: "{{ opw_password }}"
secret_key: "{{ opw_secret_key }}"
subdomain: "{{ opw_subdomain }}"
username: "{{ opw_username }}"
search_terms:
- name: "google"
field: "password" # optional, defaults to 'password'
# section: Custom section name # optional, defaults to 'None'
vault: "{{ opw_vault }}" # optional, only necessary if there is more than 1 Vault available
register: my_1password_item
no_log: false # Don't want to log the secrets to the console!
Ansible Core 2.13.5
op version 2.21.0 Any help would be appreciated!
Update: I was thinking that perhaps my "community general collection" was outdated. I updated it from 5.6.0 to 7.4.0, but it made no difference. Same error as before.