Ansible Generate a Random Password

You might be curious as to what a secure password seems like and how it could be generated. You can generate a random secure password using the Ansible configuration tool. The procedure described below will be the basic process to implement in Ansible.

The protection of the information and activities supported by the system requires to come first in any control device and network. It is crucial to appropriately secure an Operating system and perhaps other devices whose privacy hinges on a randomly produced encryption key. Because of this, using a safe password becomes crucial for all users. The devices’ passcodes aid in protecting user activity and information against unauthorized access. Those encryption keys must be generated randomly.

Many platforms require verification methods that give users credential configuration instructions to perform when they initially create an account on their website. It is suggested that you use a strong passcode that is at least 10 to 14 letters in length. Such letter variations must also include digits, alphanumeric keys, and letters in both Lower Case and Upper Case. But what happens if we lack the perseverance or the inventiveness to come up with a new, will we secure encryption key whenever we need another?

In the Ansible configuration tool, users can acquire the credential requirement quickly and without actually thinking. The passcode generation methods that we will evaluate in this article demand that you have a solid understanding of or experience with the Ansible Commands. The method and approach for producing passwords easily fit into the Ansible interface.

Parameters for Producing a Random Password in Ansible

Here are some required and optional parameters which we are going to use in the Ansible playbook so that we can produce the random password.

Required Parameters:

The following are the parameters which must be required to write the commands in the playbook to generate the password:

Term: The term parameter contains a string value in it. The term will be used as a path or location of the document that contains the passcode in it.

Optional Parameters:

Char: It is also a string-type parameter. Provide a punctuation mark group of characters that comprise unique alphabetic characters in the passcodes that have been produced. The letters in randomly mixed upper and lowercase, Alphanumeric letters, 0–9 digits, and symbols are used to produce the basic passcode. These can be utilized directly or even as ASCII letters, numbers, or other string package properties. Utilize double commas to introduce punctuation, particularly towards the finish of the passcode.  In the passcode, double quotes and quotation marks are not allowed.

Encrypt: Several hashing algorithms in Ansible should be utilized to encode the receiving passcodes in a string form. If it is not specified according to the algorithm, then the encryption key would be given back in text format. The receiving passcode is encoded but the passcode itself has always been saved in text format.

Length: By default, the length of the producing passcode will be 20 because it is an integer type.

Prerequisites for Producing Password in Ansible

The prerequisites must be met well before the scenario can be utilized to produce the random passcode in Ansible:

  • Ansible controlling node with the identity ansible controller is required.
  • We also need remote servers to communicate and use the ansible password lookup module and we employ the local host as a target remote host.

We will attempt to employ a scenario where the configuration of the password lookup module serves only as an example of how to produce the random password in Ansible.

Example: Retrieve a Generated Password that was Save in a Document

Here, we will put the simple scenario into practice by using Ansible’s password lookup plugin to obtain the random password. We will first draw the playbook, which will include the tasks and the target hosts. To create a playbook with Ansible, use the command shown below:

[root@master ansible]# nano generate_pwd.yml

The playbook editor will launch into a new terminal window called “generate_pwd” when you type the aforementioned command and press enter. We shall take note of the name of the module or instance that we wish to utilize initially in the terminal header. To display all information linked to the local host in the output, we utilized the Ansible “gather facts” parameter. However, because we don’t want to disclose more information about the target local host, we set the “gather facts” parameter’s value to “false” in the playbook. In this example, we are using the localhost as a target remote host. Following that, we want to specify the tasks that we want to complete. So, we wrote the “tasks” argument and then listed the activities one by one. Here, we have two tasks in the example.

In the 1st activity, we display the name of the task in this list. We must first utilize the “name” argument. Then, we called the “user” parameter and passed the item name. In the password, we will pass the path of the item along with the item name and credentials in the password lookup module. Lastly, we will name the user which “test_user”.

In the second task, we will pass the credentials and the path in the “msg” parameter so that we can debug the tasks and get the random password.

- name: retrieve or generate a random password, stored in a file

  gather_facts: false
  hosts: localhost
    - name: Create users with auto-generated password
        name: "{{ }}"
        password: "{{ lookup('password', 'credentials/' + + '/password.txt encrypt=md5_crypt') }}"
        - name: test_user

    - name: Task that uses the password of test_user
        msg: "{{ lookup('password', 'credentials/test_user/password.txt length=15')


We will not construct the inventory file to establish a connection because we are utilizing the local host as a target remote host. To receive the outcomes from running the playbook created above, enter the following command in the terminal:

[root@master ansible]# ansible-playbook generate_pwd.yml

This is the result. After running the aforementioned command, we will see the localhost now contains a random password in green font with an “ok” indication in the output terminal.


We have learned what is random password in Ansible and how to produce and retrieve a random password in Ansible. To get the random password we have used an Ansible password lookup plugin. We have implemented a scenario with a detailed explanation so that we better understand the aim of today’s topic.

About the author

Kalsoom Bibi

Hello, I am a freelance writer and usually write for Linux and other technology related content