community.general.tss – Get secrets from Thycotic Secret Server

Note

This plugin is part of the community.general collection (version 2.5.1).

To install it use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.tss.

New in version 1.0.0 of community.general.

Synopsis

  • Uses the Thycotic Secret Server Python SDK to get Secrets from Secret Server using token authentication with username and password on the REST API at base_url.

Requirements

The below requirements are needed on the local controller node that executes this lookup.

Parameters

_terms
    Type: integer / required
    Comments: The integer ID of the secret.

api_path_uri
    Type: string
    Default: "/api/v1"
    Configuration:
        env:TSS_API_PATH_URI
    Comments: The path to append to the base URL to form a valid REST API request.

base_url
    Type: string / required
    Configuration:
        ini entries:
            [tss_lookup]
            base_url = None
        env:TSS_BASE_URL
    Comments: The base URL of the server, e.g. https://localhost/SecretServer.

password
    Type: string / required
    Configuration:
        ini entries:
            [tss_lookup]
            password = None
        env:TSS_PASSWORD
    Comments: The password associated with the supplied username.

token_path_uri
    Type: string
    Default: "/oauth2/token"
    Configuration:
        env:TSS_TOKEN_PATH_URI
    Comments: The path to append to the base URL to form a valid OAuth2 Access Grant request.

username
    Type: string / required
    Configuration:
        ini entries:
            [tss_lookup]
            username = None
        env:TSS_USERNAME
    Comments: The username with which to request the OAuth2 Access Grant.

Examples

- hosts: localhost
  vars:
      secret: "{{ lookup('community.general.tss', 1) }}"
  tasks:
      - ansible.builtin.debug:
          msg: >
            the password is {{
              (secret['items']
                | items2dict(key_name='slug',
                             value_name='itemValue'))['password']
            }}

- hosts: localhost
  vars:
      secret: >-
        {{
            lookup(
                'community.general.tss',
                102,
                base_url='https://secretserver.domain.com/SecretServer/',
                username='user.name',
                password='password'
            )
        }}
  tasks:
      - ansible.builtin.debug:
          msg: >
            the password is {{
              (secret['items']
                | items2dict(key_name='slug',
                             value_name='itemValue'))['password']
            }}
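
A hardened variant of the second example, added here and not part of the collection's documentation: it takes base_url, username and password from the documented TSS_* environment variables instead of inline arguments, fetches the secret once into a fact, and keeps it out of task output with no_log. The secret ID 102 is reused from the example above; the fact name secret_fields and the destination file are hypothetical.

```yaml
# Added example, not from the community.general documentation.
# Assumes TSS_BASE_URL, TSS_USERNAME and TSS_PASSWORD are exported in the
# controller's environment, so no credential is stored in the playbook.
- hosts: localhost
  gather_facts: false
  vars:
    secret_id: 102  # ID reused from the example above
    # Hypothetical destination file for the retrieved password.
    password_file: "{{ lookup('ansible.builtin.env', 'HOME') }}/.example_app_password"
  tasks:
    - name: Fail early if a connection setting is missing
      ansible.builtin.assert:
        that:
          - lookup('ansible.builtin.env', item) | length > 0
        fail_msg: "{{ item }} is not set on the controller"
        quiet: true
      loop:
        - TSS_BASE_URL
        - TSS_USERNAME
        - TSS_PASSWORD

    # A lookup placed under play vars is re-evaluated on every reference;
    # set_fact stores the result so the API is queried a single time.
    - name: Fetch the secret once and index its fields by slug
      ansible.builtin.set_fact:
        secret_fields: >-
          {{ lookup('community.general.tss', secret_id)['items']
             | items2dict(key_name='slug', value_name='itemValue') }}
      no_log: true

    - name: Check that the expected field exists without printing it
      ansible.builtin.assert:
        that:
          - "'password' in secret_fields"
          - secret_fields['password'] | length > 0
        quiet: true
      no_log: true

    - name: Write the password to a file only its owner can read
      ansible.builtin.copy:
        content: "{{ secret_fields['password'] }}\n"
        dest: "{{ password_file }}"
        mode: "0600"
      no_log: true
```

With no_log set, a failing task reports only that its output was censored, so remove the setting temporarily when debugging against a non-production secret.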

Return Values

Common return values are documented separately; the following fields are unique to this lookup:

_list
    Type: list / elements=dictionary
    Returned: success
    Description: The JSON responses to GET /secrets/{id}.



Authors