community.general.dsv – Get secrets from Thycotic DevOps Secrets Vault
Note
This plugin is part of the community.general collection (version 3.8.3).
You might already have this collection installed if you are using the ansible package.
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install community.general.
To use it in a playbook, specify: community.general.dsv.
New in version 1.0.0: of community.general
Synopsis
Uses the Thycotic DevOps Secrets Vault Python SDK to get Secrets from a DSV tenant using a client_id and client_secret.
Requirements
The below requirements are needed on the local controller node that executes this lookup.
python-dsv-sdk - https://pypi.org/project/python-dsv-sdk/
Parameters
Parameter |
Comments |
|---|---|
The path to the secret, e.g. |
|
The client_id with which to request the Access Grant. Configuration:
|
|
The client secret associated with the specific client_id. Configuration:
|
|
The first format parameter in the default url_template. Configuration:
|
|
The top-level domain of the tenant; the second format parameter in the default url_template. Default: “com” Configuration:
|
|
The path to prepend to the base URL to form a valid REST API request. Default: “https://{}.secretsvaultcloud.{}/v1” Configuration:
|
Examples
- hosts: localhost
vars:
secret: "{{ lookup('community.general.dsv', '/test/secret') }}"
tasks:
- ansible.builtin.debug:
msg: 'the password is {{ secret["data"]["password"] }}'
Return Values
Common return values are documented here, the following are the fields unique to this lookup:
Key |
Description |
|---|---|
One or more JSON responses to See https://dsv.thycotic.com/api/index.html#operation/getSecret. Returned: success |
Authors
Adam Migus (@amigus) <adam@migus.org>