community.general.dsv – Get secrets from Thycotic DevOps Secrets Vault

Note

This plugin is part of the community.general collection (version 2.5.1).

To install it use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.dsv.

New in version 1.0.0 of community.general.

Synopsis

  • Uses the Thycotic DevOps Secrets Vault Python SDK to get Secrets from a DSV tenant using a client_id and client_secret.

Requirements

The below requirements are needed on the local controller node that executes this lookup.

Parameters

  • _terms (string / required)
    The path to the secret, e.g. /staging/servers/web1.

  • client_id (string / required)
    ini entries:

      [dsv_lookup]
      client_id = None

    env: DSV_CLIENT_ID
    The client_id with which to request the Access Grant.

  • client_secret (string / required)
    ini entries:

      [dsv_lookup]
      client_secret = None

    env: DSV_CLIENT_SECRET
    The client secret associated with the specific client_id.

  • tenant (string / required)
    ini entries:

      [dsv_lookup]
      tenant = None

    env: DSV_TENANT
    The first format parameter in the default url_template.

  • tld (string)
    Default: "com"
    ini entries:

      [dsv_lookup]
      tld = com

    env: DSV_TLD
    The top-level domain of the tenant; the second format parameter in the default url_template.

  • url_template (string)
    Default: "https://{}.secretsvaultcloud.{}/v1"
    ini entries:

      [dsv_lookup]
      url_template = https://{}.secretsvaultcloud.{}/v1

    env: DSV_URL_TEMPLATE
    The path to prepend to the base URL to form a valid REST API request.

Examples

- hosts: localhost
  vars:
      secret: "{{ lookup('community.general.dsv', '/test/secret') }}"
  tasks:
      - ansible.builtin.debug:
          msg: 'the password is {{ secret["data"]["password"] }}'
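
A hardened variant of the playbook above, added here as an example and not part of the plugin's own documentation: it checks that the three required environment variables are set, fetches the secret once under no_log so the value stays out of task output, and writes it to a file instead of printing it. The destination path /etc/myapp/db.password and the variable name app_secret are hypothetical.

```yaml
# Added example, not from the plugin documentation.
# Assumes DSV_TENANT, DSV_CLIENT_ID and DSV_CLIENT_SECRET are exported on the
# controller, and reuses the /test/secret path from the example above.
- hosts: localhost
  gather_facts: false
  tasks:
    # Only the variable names appear in the output, never their values.
    - name: Stop early if a DSV credential variable is missing
      ansible.builtin.assert:
        that:
          - lookup('ansible.builtin.env', item) | length > 0
        fail_msg: "{{ item }} is not set on the controller"
        quiet: true
      loop:
        - DSV_TENANT
        - DSV_CLIENT_ID
        - DSV_CLIENT_SECRET

    # A lookup placed under vars is re-evaluated on every reference;
    # set_fact stores the response so the vault is queried a single time.
    - name: Fetch the secret once and keep it out of task output
      ansible.builtin.set_fact:
        app_secret: "{{ lookup('community.general.dsv', '/test/secret') }}"
      no_log: true

    - name: Write the password to a file readable only by its owner
      ansible.builtin.copy:
        content: "{{ app_secret['data']['password'] }}"
        dest: /etc/myapp/db.password   # hypothetical path; directory must exist
        mode: "0600"
      no_log: true
```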

Return Values

Common return values are documented here; the following are the fields unique to this lookup:

  • _list (list / elements=dictionary)
    Returned: success
    One or more JSON responses to GET /secrets/{path}.



Authors