community.general.cyberarkpassword – get secrets from CyberArk AIM
Note
This plugin is part of the community.general collection (version 3.8.1).
You might already have this collection installed if you are using the ansible
package. It is not included in ansible-core
. To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.general
.
To use it in a playbook, specify: community.general.cyberarkpassword
.
Synopsis
- Get secrets from CyberArk AIM.
Requirements
The below requirements are needed on the local controller node that executes this lookup.
- CyberArk AIM tool installed
Parameters
Parameter | Choices/Defaults | Configuration | Comments |
---|---|---|---|
_command string | Default: "/opt/CARKaim/sdk/clipasswordsdk" | env:AIM_CLIPASSWORDSDK_CMD | Cyberark CLI utility. |
_extra string | for extra_params values please check parameters for clipasswordsdk in CyberArk's "Credential Provider and ASCP Implementation Guide" | ||
appid string / required | Defines the unique ID of the application that is issuing the password request. | ||
output string | Default: "password" | Specifies the desired output fields separated by commas. They could be: Password, PassProps.<property>, PasswordChangeInProcess | |
query string / required | Describes the filter criteria for the password retrieval. |
Notes
Note
- For Ansible on Windows, please change the -parameters (-p, -d, and -o) to /parameters (/p, /d, and /o) and change the location of CLIPasswordSDK.exe.
Examples
- name: passing options to the lookup ansible.builtin.debug: msg: '{{ lookup("community.general.cyberarkpassword", cyquery) }}' vars: cyquery: appid: "app_ansible" query: "safe=CyberArk_Passwords;folder=root;object=AdminPass" output: "Password,PassProps.UserName,PassProps.Address,PasswordChangeInProcess" - name: used in a loop ansible.builtin.debug: msg: "{{item}}" with_community.general.cyberarkpassword: appid: 'app_ansible' query: 'safe=CyberArk_Passwords;folder=root;object=AdminPass' output: 'Password,PassProps.UserName,PassProps.Address,PasswordChangeInProcess'
Return Values
Common return values are documented here, the following are the fields unique to this lookup:
Key | Returned | Description |
---|---|---|
passprops dictionary | success | properties assigned to the entry |
password string | success | The actual value stored |
passwordchangeinprocess string | success | did the password change? |
Authors
- Unknown (!UNKNOWN)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/community/general/cyberarkpassword_lookup.html