1.. _playbooks_prompts: 2 3************************** 4Interactive input: prompts 5************************** 6 7If you want your playbook to prompt the user for certain input, add a 'vars_prompt' section. Prompting the user for variables lets you avoid recording sensitive data like passwords. In addition to security, prompts support flexibility. For example, if you use one playbook across multiple software releases, you could prompt for the particular release version. 8 9.. contents:: 10 :local: 11 12Here is a most basic example:: 13 14 --- 15 - hosts: all 16 vars_prompt: 17 18 - name: username 19 prompt: What is your username? 20 private: no 21 22 - name: password 23 prompt: What is your password? 24 25 tasks: 26 27 - name: Print a message 28 ansible.builtin.debug: 29 msg: 'Logging in as {{ username }}' 30 31The user input is hidden by default but it can be made visible by setting ``private: no``. 32 33.. note:: 34 Prompts for individual ``vars_prompt`` variables will be skipped for any variable that is already defined through the command line ``--extra-vars`` option, or when running from a non-interactive session (such as cron or Ansible Tower). See :ref:`passing_variables_on_the_command_line`. 35 36If you have a variable that changes infrequently, you can provide a default value that can be overridden:: 37 38 vars_prompt: 39 40 - name: release_version 41 prompt: Product release version 42 default: "1.0" 43 44Encrypting values supplied by ``vars_prompt`` 45--------------------------------------------- 46 47You can encrypt the entered value so you can use it, for instance, with the user module to define a password:: 48 49 vars_prompt: 50 51 - name: my_password2 52 prompt: Enter password2 53 private: yes 54 encrypt: sha512_crypt 55 confirm: yes 56 salt_size: 7 57 58If you have `Passlib <https://passlib.readthedocs.io/en/stable/>`_ installed, you can use any crypt scheme the library supports: 59 60- *des_crypt* - DES Crypt 61- *bsdi_crypt* - BSDi Crypt 62- *bigcrypt* - BigCrypt 63- *crypt16* - Crypt16 64- *md5_crypt* - MD5 Crypt 65- *bcrypt* - BCrypt 66- *sha1_crypt* - SHA-1 Crypt 67- *sun_md5_crypt* - Sun MD5 Crypt 68- *sha256_crypt* - SHA-256 Crypt 69- *sha512_crypt* - SHA-512 Crypt 70- *apr_md5_crypt* - Apache's MD5-Crypt variant 71- *phpass* - PHPass' Portable Hash 72- *pbkdf2_digest* - Generic PBKDF2 Hashes 73- *cta_pbkdf2_sha1* - Cryptacular's PBKDF2 hash 74- *dlitz_pbkdf2_sha1* - Dwayne Litzenberger's PBKDF2 hash 75- *scram* - SCRAM Hash 76- *bsd_nthash* - FreeBSD's MCF-compatible nthash encoding 77 78The only parameters accepted are 'salt' or 'salt_size'. You can use your own salt by defining 79'salt', or have one generated automatically using 'salt_size'. By default Ansible generates a salt 80of size 8. 81 82.. versionadded:: 2.7 83 84If you do not have Passlib installed, Ansible uses the `crypt <https://docs.python.org/2/library/crypt.html>`_ library as a fallback. Ansible supports at most four crypt schemes, depending on your platform at most the following crypt schemes are supported: 85 86- *bcrypt* - BCrypt 87- *md5_crypt* - MD5 Crypt 88- *sha256_crypt* - SHA-256 Crypt 89- *sha512_crypt* - SHA-512 Crypt 90 91.. versionadded:: 2.8 92.. _unsafe_prompts: 93 94Allowing special characters in ``vars_prompt`` values 95----------------------------------------------------- 96 97Some special characters, such as ``{`` and ``%`` can create templating errors. If you need to accept special characters, use the ``unsafe`` option:: 98 99 vars_prompt: 100 - name: my_password_with_weird_chars 101 prompt: Enter password 102 unsafe: yes 103 private: yes 104 105.. seealso:: 106 107 :ref:`playbooks_intro` 108 An introduction to playbooks 109 :ref:`playbooks_conditionals` 110 Conditional statements in playbooks 111 :ref:`playbooks_variables` 112 All about variables 113 `User Mailing List <https://groups.google.com/group/ansible-devel>`_ 114 Have a question? Stop by the google group! 115 `irc.libera.chat <https://libera.chat/>`_ 116 #ansible IRC chat channel 117