community.general.cyberarkpassword – get secrets from CyberArk AIM
community.general.cyberarkpassword – get secrets from CyberArk AIM
Note
This plugin is part of the community.general collection (version 1.3.2).
To install it use: ansible-galaxy collection install community.general
.
To use it in a playbook, specify: community.general.cyberarkpassword
.
Synopsis
- Get secrets from CyberArk AIM.
Requirements
The below requirements are needed on the local controller node that executes this lookup.
- CyberArk AIM tool installed
Parameters
Parameter | Choices/Defaults | Configuration | Comments |
---|---|---|---|
_command string |
Default: "/opt/CARKaim/sdk/clipasswordsdk" |
env:AIM_CLIPASSWORDSDK_CMD |
Cyberark CLI utility. |
_extra string |
for extra_params values please check parameters for clipasswordsdk in CyberArk's "Credential Provider and ASCP Implementation Guide" | ||
appid string / required |
Defines the unique ID of the application that is issuing the password request. | ||
output string |
Default: "password" |
Specifies the desired output fields separated by commas. They could be: Password, PassProps., PasswordChangeInProcess | |
query string / required |
Describes the filter criteria for the password retrieval. |
Notes
Note
- For Ansible on Windows, please change the -parameters (-p, -d, and -o) to /parameters (/p, /d, and /o) and change the location of CLIPasswordSDK.exe.
Examples
- name: passing options to the lookup
ansible.builtin.debug:
msg: '{{ lookup("community.general.cyberarkpassword", cyquery) }}'
vars:
cyquery:
appid: "app_ansible"
query: "safe=CyberArk_Passwords;folder=root;object=AdminPass"
output: "Password,PassProps.UserName,PassProps.Address,PasswordChangeInProcess"
- name: used in a loop
ansible.builtin.debug:
msg: "{{item}}"
with_community.general.cyberarkpassword:
appid: 'app_ansible'
query: 'safe=CyberArk_Passwords;folder=root;object=AdminPass'
output: 'Password,PassProps.UserName,PassProps.Address,PasswordChangeInProcess'
Return Values
Common return values are documented here, the following are the fields unique to this lookup:
Key | Returned | Description |
---|---|---|
passprops dictionary |
success |
properties assigned to the entry
|
password string |
success |
The actual value stored
|
passwordchangeinprocess string |
success |
did the password change?
|
Authors
- Unknown (!UNKNOWN)
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/community/general/cyberarkpassword_lookup.html