Ansible role that installs password-store (pass), the standard Unix password manager.
This role is currently in beta and is not intended for production use. Breaking changes may occur between releases, so please make sure to read the release notes.
If you are using Enterprise Linux (CentOS, Rocky Linux, Alamlinux, RHEL, etc.), you need to install the EPEL repository. You can use the robertdebock.epel role to do so. See the example playbook for a a full example.
This role depends on certain collections that are not included in ansible-core.
This role's example playbook requires another role to prepare the target system.
To install this role's requirements, create a requirements.yml file with the following contents:
---
roles:
- name: robertdebock.epel
collections:
- name: community.general
Then, if you are using ansible-base/ansible-core 2.10 or later, run this command.
ansible-galaxy install -r requirements.ymlIf you are still using Ansible 2.9, run these commands, instead.
ansible-galaxy collection install -r requirements.yml
ansible-galaxy role install -r requirements.ymlThis role allows you to choose which source to install Pass from. You may override the default installation method by setting pass_install_method to the one of the values outlined below.
Description: This installs Pass from the distribution's repositories. This version may be out of date.
Supported Distributions: All distributions supported by this role
Default: Yes
Description: This installs Pass from source.
Supported Distributions: All distributions supported by this role
Default: No
Here are this role's variables and their default values, as set in defaults/main.yml. If you'd like, you may change them to customize this role's behavior.
---
# defaults file for pass
# Please see the `Available Installation Methods` section above
pass_install_method: distro_package
# Options:
# - `present` ensures that pass is installed
# - `absent` ensures that pass is not installed. This does not remove
# dependencies that are installed when `pass_install_method=source` to avoid
# removing packages that you installed prior to running this role.
pass_state: "present"
# Pass has the ability to copy passwords to your system clipboard using the `-c`
# option of the `pass show` command. By default, this role installs `xclip`, the
# clipboard helper for Xorg. If you are using Wayland, change this value to
# `wl-clipboard`. If you would like to install both `xclip` and `wl-clipboard`,
# change this value to `both`.
pass_clipboard_helper: xclip
##########
# These Variables only apply when `pass_install_method=source`.
# Where to download and extract the Pass source tarball.
pass_download_path: /opt/pass
# Which version of Pass to install.
# When set to latest, this role will determine the latest version
# and install that.
pass_version: latest
# pass_version: 1.7.4
# Parameters to pass to make. Please see the [installation instructions][1] and
# [Makefile][2] in Pass's Git repository for all available parameters.
pass_make_params:
# You can remove this value to install Pass to the default location, /usr/bin.
# However, I recommend keeping this role's default which follows the Filesystem
# Hierarchy Standard[3] and avoids conflicting with the system package manager.
PREFIX: /usr/local # Install pass to /usr/local/bin
[1]: https://git.zx2c4.com/password-store/tree/INSTALL
[2]: https://git.zx2c4.com/password-store/tree/Makefile
[3]: https://refspecs.linuxfoundation.org/fhs.shtml
---
- name: Install Pass
hosts: all
become: true
tasks:
- name: Update apt cache
when: ansible_pkg_mgr == "apt"
ansible.builtin.apt:
update_cache: true
cache_valid_time: 3600
- name: Install EPEL Repo (will only run on EL-based distros)
ansible.builtin.include_role:
name: robertdebock.epel
- name: Install Pass
ansible.builtin.include_role:
name: "gotmax23.pass"
This role is tested using the latest version of ansible-core and the latest version of the collections from Ansible Galaxy. This is the only version of Ansible that this role officially supports. Best effort support is provided for other versions.
This role is compatible with the following distros:
| distro | versions |
|---|---|
| Archlinux | any |
| Debian | buster, bullseye, bookworm |
| EL | 8 |
| Fedora | 34, 35, 36 |
| opensuse | 15.3, tumbleweed |
| Ubuntu | bionic, focal |
Maxwell G (@gotmax23)