Generating Mosquitto password hashes with Ansible

I had the need to generate a password file for Mosquitto with Ansible but couldn’t easily find the correct incantation elsewhere online. A bit of poking around in the source and experimenting yielded the following jinja2 template which I thought might be useful to share:

# {{ ansible_managed }}

{% for item in mqtt_accounts %}
{{ item.username }}:{{ item.password | password_hash('pbkdf2_sha512', item.salt) | replace('$pbkdf2-sha512$', '$7$') | replace('.', '+') }}==
{% endfor %}

The passlib pbkdf2_sha512 hash is very nearly the right format but for two minor differences (handled by the replace() filters) and trailing ==

Note: The salt value needs to be exactly 12 characters long for Mosquitto to accept it.

« Prev Next »