community.general.tss – Get secrets from Thycotic Secret Server

Note

This plugin is part of the community.general collection (version 2.5.1).

To install it use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.tss.

New in version 1.0.0: of community.general

Synopsis

• Uses the Thycotic Secret Server Python SDK to get Secrets from Secret Server using token authentication with username and password on the REST API at base_url.

Requirements

The below requirements are needed on the local controller node that executes this lookup.

• python-tss-sdk - https://pypi.org/project/python-tss-sdk/

Parameters

Parameter	Choices/Defaults	Configuration	Comments
_terms integer / required			The integer ID of the secret.
api_path_uri string	Default: "/api/v1"	env:TSS_API_PATH_URI	The path to append to the base URL to form a valid REST API request.
base_url string / required		ini entries: [tss_lookup] base_url = None env:TSS_BASE_URL	The base URL of the server, e.g. https://localhost/SecretServer.
password string / required		ini entries: [tss_lookup] password = None env:TSS_PASSWORD	The password associated with the supplied username.
token_path_uri string	Default: "/oauth2/token"	env:TSS_TOKEN_PATH_URI	The path to append to the base URL to form a valid OAuth2 Access Grant request.
username string / required		ini entries: [tss_lookup] username = None env:TSS_USERNAME	The username with which to request the OAuth2 Access Grant.

Examples

- hosts: localhost
  vars:
      secret: "{{ lookup('community.general.tss', 1) }}"
  tasks:
      - ansible.builtin.debug:
          msg: >
            the password is {{
              (secret['items']
                | items2dict(key_name='slug',
                             value_name='itemValue'))['password']
            }}

- hosts: localhost
  vars:
      secret: >-
        {{
            lookup(
                'community.general.tss',
                102,
                base_url='https://secretserver.domain.com/SecretServer/',
                username='user.name',
                password='password'
            )
        }}
  tasks:
      - ansible.builtin.debug:
          msg: >
            the password is {{
              (secret['items']
                | items2dict(key_name='slug',
                             value_name='itemValue'))['password']
            }}

Return Values

Common return values are documented here, the following are the fields unique to this lookup:

Key	Returned	Description
_list list / elements=dictionary	success	The JSON responses to GET /secrets/{id}. See https://updates.thycotic.net/secretserver/restapiguide/TokenAuth/#operation--secrets--id--get.

Authors

• Adam Migus (@amigus) <adam@migus.org>