cyberark.pas.cyberark_credential – Credential retrieval using AAM Central Credential Provider.
Note
This plugin is part of the cyberark.pas collection (version 1.0.6).
To install it use: ansible-galaxy collection install cyberark.pas.
To use it in a playbook, specify: cyberark.pas.cyberark_credential.
New in version 2.4: of cyberark.pas
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| api_base_url (string / required) | | A string containing the base URL of the server hosting the Central Credential Provider. |
| app_id (string / required) | | A string containing the Application ID authorized for retrieving the credential. |
| client_cert (string) | | A string containing the file location and name of the client certificate used for authentication. |
| client_key (string) | | A string containing the file location and name of the private key of the client certificate used for authentication. |
| connection_timeout (integer) | Default: "30" | An integer value of the allowed time before the request returns failed. |
| fail_request_on_password_change (boolean) | | A boolean parameter for completing the request in the middle of a password change of the requested credential. |
| query (string / required) | | A string containing details of the object being queried; possible parameters could be Safe, Folder, Object (internal account name), UserName, Address, Database, PolicyID. |
| query_format (string) | | The format in which your query will be received by the CCP. |
| reason (string) | | Reason for requesting the credential if required by policy; it must be specified if the Policy managing the object requires it. |
| validate_certs (boolean) | | If false, SSL certificate chain will not be validated. This should only be set to true if you have a root CA certificate installed on each node. |
```yaml
tasks:
  # Minimal call: only the three required parameters.
  # Note that this base URL is plain HTTP, so the returned password is not protected in transit.
  - name: credential retrieval basic
    cyberark_credential:
      api_base_url: "http://10.10.0.1"
      app_id: "TestID"
      query: "Safe=test;UserName=admin"
    register: result

  # HTTPS with server certificate validation and client-certificate authentication.
  - name: credential retrieval advanced
    cyberark_credential:
      api_base_url: "https://components.cyberark.local"
      validate_certs: yes
      client_cert: /etc/pki/ca-trust/source/client.pem
      client_key: /etc/pki/ca-trust/source/priv-key.pem
      app_id: "TestID"
      query: "Safe=test;UserName=admin"
      connection_timeout: 60
      query_format: Exact
      fail_request_on_password_change: True
      reason: "requesting credential for Ansible deployment"
    register: result
```
Common return values are documented here; the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| changed (boolean) | always | Identify if the playbook run resulted in a change to the account in any way. |
| failed (boolean) | always | Whether playbook run resulted in a failure of any kind. |
| result (complex) | success | A JSON dump of the resulting action. |
| result.Address (string) | if required | The target address of the credential being queried |
| result.Content (string) | always | The password for the object being queried |
| result.CPMDisabled (string) | if CPM management is disabled and a reason is given | A description of why this vaulted credential is not being managed by the CPM. |
| result.CreationMethod (string) | always | This is how the object was created in the Vault |
| result.DeviceType (string) | always | An internal File Category for more granular management of Platforms. |
| result.Folder (string) | always | The folder within the Safe where the credential is stored. |
| result.LogonDomain (string) | if populated | The Address friendly name resolved by the CPM |
| result.Name (string) | always | The CyberArk unique object ID of the credential being queried. |
| result.PasswordChangeInProcess (boolean) | always | If the password has a change flag placed by the CPM |
| result.PolicyID (string) | if assigned to a policy | Whether or not SSL certificates should be validated. |
| result.Safe (string) | always | The safe where the queried credential is stored |
| result.Username (string) | if required | The username of the credential being queried |
| status_code (integer) | success | Result HTTP Status code. Sample: 200, 201, -1, 204 |
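Because `result.Content` carries the password, the registered variable needs the same care as any other secret. The playbook below is an added example, not part of the collection's own documentation: it retrieves the credential over validated HTTPS, keeps it out of task output with `no_log`, and checks `status_code` and `PasswordChangeInProcess` before use. The register name `ccp`, the `/usr/local/bin/deploy-tool` command and the `DEPLOY_PASSWORD` variable are hypothetical.

```yaml
- name: Retrieve a vaulted credential without exposing it in logs
  hosts: localhost
  gather_facts: false
  tasks:
    - name: Fetch credential from the CCP over validated TLS
      cyberark.pas.cyberark_credential:
        api_base_url: "https://components.cyberark.local"
        validate_certs: true
        client_cert: /etc/pki/ca-trust/source/client.pem
        client_key: /etc/pki/ca-trust/source/priv-key.pem
        app_id: "TestID"
        query: "Safe=test;UserName=admin"
        fail_request_on_password_change: true
        reason: "requesting credential for Ansible deployment"
      register: ccp      # hypothetical variable name
      no_log: true       # the registered result holds the password in result.Content

    - name: Check the response before using it
      ansible.builtin.assert:
        that:
          - ccp.status_code == 200
          - ccp.result.Content | length > 0
          # "| bool" copes with the flag arriving as a boolean or as a string
          - not (ccp.result.PasswordChangeInProcess | bool)
        quiet: true
        fail_msg: "CCP response unusable (status or password-change check failed)"

    - name: Hand the password to a consumer (hypothetical command)
      ansible.builtin.command:
        argv:
          - /usr/local/bin/deploy-tool
          - --user
          - admin
      environment:
        # passed through the environment rather than argv, so it is not visible in the process list
        DEPLOY_PASSWORD: "{{ ccp.result.Content }}"
      no_log: true       # keeps the templated secret out of task output
      changed_when: false
```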
Authors
Edward Nunez (@enunez-cyberark)
CyberArk BizDev (@cyberark-bizdev)
Erasmo Acosta (@erasmix)
James Stutes (@JimmyJamCABD)