cyberarkpassword – get secrets from CyberArk AIM
New in version 2.4.
Synopsis
- Get secrets from CyberArk AIM.
Requirements
The below requirements are needed on the local master node that executes this lookup.
- CyberArk AIM tool installed
Parameters
| Parameter | Choices/Defaults | Configuration | Comments |
|---|---|---|---|
| _command - | Default: "/opt/CARKaim/sdk/clipasswordsdk" | env:AIM_CLIPASSWORDSDK_CMD | Cyberark CLI utility. |
| _extra - | for extra_parms values please check parameters for clipasswordsdk in CyberArk's "Credential Provider and ASCP Implementation Guide" | ||
| appid - / required | Defines the unique ID of the application that is issuing the password request. | ||
| output - | Default: "password" | Specifies the desired output fields separated by commas. They could be: Password, PassProps.<property>, PasswordChangeInProcess | |
| query - / required | Describes the filter criteria for the password retrieval. |
Examples
- name: passing options to the lookup
debug: msg={{ lookup("cyberarkpassword", cyquery)}}
vars:
cyquery:
appid: "app_ansible"
query: "safe=CyberArk_Passwords;folder=root;object=AdminPass"
output: "Password,PassProps.UserName,PassProps.Address,PasswordChangeInProcess"
- name: used in a loop
debug: msg={{item}}
with_cyberarkpassword:
appid: 'app_ansible'
query: 'safe=CyberArk_Passwords;folder=root;object=AdminPass'
output: 'Password,PassProps.UserName,PassProps.Address,PasswordChangeInProcess'
Return Values
Common return values are documented here, the following are the fields unique to this lookup:
| Key | Returned | Description |
|---|---|---|
| passprops dictionary | properties assigned to the entry | |
| password - | The actual value stored | |
| passwordchangeinprocess - | did the password change? |
Status
- This lookup is not guaranteed to have a backwards compatible interface. [preview]
- This lookup is maintained by the Ansible Community. [community]
Authors
- UNKNOWN
Hint
If you notice any issues in this documentation, you can edit this document to improve it.
Hint
Configuration entries for each entry type have a low to high priority order. For example, a variable that is lower in the list will override a variable that is higher up.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.8/plugins/lookup/cyberarkpassword.html