community.general.cyberarkpassword – get secrets from CyberArk AIM

From Get docs
Ansible/docs/2.10/collections/community/general/cyberarkpassword lookup


community.general.cyberarkpassword – get secrets from CyberArk AIM

Note

This plugin is part of the community.general collection (version 1.3.2).

To install it use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.cyberarkpassword.


Synopsis

  • Get secrets from CyberArk AIM.

Requirements

The below requirements are needed on the local controller node that executes this lookup.

  • CyberArk AIM tool installed

Parameters

Parameter Choices/Defaults Configuration Comments

_command

string

Default:

"/opt/CARKaim/sdk/clipasswordsdk"

env:AIM_CLIPASSWORDSDK_CMD

Cyberark CLI utility.

_extra

string

for extra_params values please check parameters for clipasswordsdk in CyberArk's "Credential Provider and ASCP Implementation Guide"

appid

string / required

Defines the unique ID of the application that is issuing the password request.

output

string

Default:

"password"

Specifies the desired output fields separated by commas.

They could be: Password, PassProps., PasswordChangeInProcess

query

string / required

Describes the filter criteria for the password retrieval.



Notes

Note

  • For Ansible on Windows, please change the -parameters (-p, -d, and -o) to /parameters (/p, /d, and /o) and change the location of CLIPasswordSDK.exe.


Examples

- name: passing options to the lookup
  ansible.builtin.debug:
      msg: '{{ lookup("community.general.cyberarkpassword", cyquery) }}'
  vars:
    cyquery:
      appid: "app_ansible"
      query: "safe=CyberArk_Passwords;folder=root;object=AdminPass"
      output: "Password,PassProps.UserName,PassProps.Address,PasswordChangeInProcess"


- name: used in a loop
  ansible.builtin.debug:
      msg: "{{item}}"
  with_community.general.cyberarkpassword:
      appid: 'app_ansible'
      query: 'safe=CyberArk_Passwords;folder=root;object=AdminPass'
      output: 'Password,PassProps.UserName,PassProps.Address,PasswordChangeInProcess'

Return Values

Common return values are documented here, the following are the fields unique to this lookup:

Key Returned Description

passprops

dictionary

success

properties assigned to the entry


password

string

success

The actual value stored


passwordchangeinprocess

string

success

did the password change?





Authors

  • Unknown (!UNKNOWN)

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/community/general/cyberarkpassword_lookup.html


Retrieved from "https://getdocs.org/index.php?title=Ansible/docs/2.10/collections/community/general/cyberarkpassword_lookup&oldid=56697"
Powered by MediaWiki