cyberarkpassword – get secrets from CyberArk AIM¶
New in version 2.4.
Synopsis¶
Get secrets from CyberArk AIM.
Requirements¶
The below requirements are needed on the local master node that executes this lookup.
CyberArk AIM tool installed
Parameters¶
| Parameter | Choices/Defaults | Configuration | Comments |
|---|---|---|---|
|
_command
-
|
Default: "/opt/CARKaim/sdk/clipasswordsdk"
|
env:AIM_CLIPASSWORDSDK_CMD
|
Cyberark CLI utility.
|
|
_extra
-
|
for extra_parms values please check parameters for clipasswordsdk in CyberArk's "Credential Provider and ASCP Implementation Guide"
|
||
|
appid
-
/ required
|
Defines the unique ID of the application that is issuing the password request.
|
||
|
output
-
|
Default: "password"
|
Specifies the desired output fields separated by commas.
They could be: Password, PassProps.<property>, PasswordChangeInProcess
|
|
|
query
-
/ required
|
Describes the filter criteria for the password retrieval.
|
Examples¶
- name: passing options to the lookup
debug: msg={{ lookup("cyberarkpassword", cyquery)}}
vars:
cyquery:
appid: "app_ansible"
query: "safe=CyberArk_Passwords;folder=root;object=AdminPass"
output: "Password,PassProps.UserName,PassProps.Address,PasswordChangeInProcess"
- name: used in a loop
debug: msg={{item}}
with_cyberarkpassword:
appid: 'app_ansible'
query: 'safe=CyberArk_Passwords;folder=root;object=AdminPass'
output: 'Password,PassProps.UserName,PassProps.Address,PasswordChangeInProcess'
Return Values¶
Common return values are documented here, the following are the fields unique to this lookup:
| Key | Returned | Description |
|---|---|---|
|
passprops
dictionary
|
properties assigned to the entry
|
|
|
password
-
|
The actual value stored
|
|
|
passwordchangeinprocess
-
|
did the password change?
|
Status¶
This lookup is not guaranteed to have a backwards compatible interface. [preview]
This lookup is maintained by the Ansible Community. [community]