cyberarkpassword – get secrets from CyberArk AIM¶
New in version 2.4.
Requirements¶
The below requirements are needed on the local master node that executes this lookup.
- CyberArk AIM tool installed
Parameters¶
| Parameter | Choices/Defaults | Configuration | Comments |
|---|---|---|---|
|
_command
-
|
Default: "/opt/CARKaim/sdk/clipasswordsdk"
|
env:AIM_CLIPASSWORDSDK_CMD
|
Cyberark CLI utility.
|
|
_extra
-
|
for extra_parms values please check parameters for clipasswordsdk in CyberArk's "Credential Provider and ASCP Implementation Guide"
|
||
|
appid
-
/ required
|
Defines the unique ID of the application that is issuing the password request.
|
||
|
output
-
|
Default: "password"
|
Specifies the desired output fields separated by commas.
They could be: Password, PassProps.<property>, PasswordChangeInProcess
|
|
|
query
-
/ required
|
Describes the filter criteria for the password retrieval.
|
Examples¶
- name: passing options to the lookup
debug: msg={{ lookup("cyberarkpassword", cyquery)}}
vars:
cyquery:
appid: "app_ansible"
query": "safe=CyberArk_Passwords;folder=root;object=AdminPass"
output: "Password,PassProps.UserName,PassProps.Address,PasswordChangeInProcess"
- name: used in a loop
debug: msg={{item}}
with_cyberarkpassword:
appid: 'app_ansible'
query: 'safe=CyberArk_Passwords;folder=root;object=AdminPass'
output: 'Password,PassProps.UserName,PassProps.Address,PasswordChangeInProcess'
Return Values¶
Common return values are documented here, the following are the fields unique to this lookup:
| Key | Returned | Description |
|---|---|---|
|
passprops
dictionary
|
properties assigned to the entry
|
|
|
password
-
|
The actual value stored
|
|
|
passwordchangeinprocess
-
|
did the password change?
|
Status¶
Authors¶
- UNKNOWN
Hint
If you notice any issues in this documentation you can edit this document to improve it.