Search code examples

Dynamic variable names with ansible

I have a bunch of ssh keys in key=value form in a Hashicorp Vault which i have setup Ansible to be able to address.

I am trying to setup some new users with the keys i have stored, and failing. Basic info (username, group etc) is in a list of dicts i have created, called linux_users.

Here is how i grab the whole secret:

- name: set the required secret as fact
    secret: "{{ lookup('hashi_vault', 'secret=/secret/data/Exploit/PAM url={{ vault_url }} token={{ vault_token.token.auth.client_token }}') }}"
  no_log: true
  delegate_to: localhost

I then use the vars lookup to try and get the ssh keys i want:

- debug:
    msg: "{{ lookup('vars', '' + }}"
  loop: "{{ linux_users }}"

The result is Ansible tells me the variable doesn't exist:

fatal: [localhost]: FAILED! => {}


The task includes an option with an undefined variable. The error was: No variable found with this name:

The error appears to be in '/home/ansible/test/pamuser.yml': line 19, column 5, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

  - debug:
    ^ here

Yet if i debug the var by its name i get the correct answer:

ok: [localhost] => {
    "": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAA...[abridged for security purposes]"


  • The variable is just named secret; is another way to access fields of that variable in Jinja and is (mostly) equivalent to secret['data']['pamlogon']. You do not need the vars lookup here at all, since you are using a single static variable name. Just use the normal accessor syntax:

      msg: "{{[] }}"


      msg: "{{ secret['data'][] }}"