You are reading an unmaintained version of the Ansible documentation. Unmaintained Ansible versions can contain unfixed security vulnerabilities (CVE). Please upgrade to a maintained version. See the latest Ansible documentation.

community.general.dsv lookup – Get secrets from Thycotic DevOps Secrets Vault

Note

This lookup plugin is part of the community.general collection (version 4.8.3).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.dsv.

New in version 1.0.0: of community.general

Synopsis

• Uses the Thycotic DevOps Secrets Vault Python SDK to get Secrets from a DSV tenant using a client_id and client_secret.

Requirements

The below requirements are needed on the local controller node that executes this lookup.

• python-dsv-sdk - https://pypi.org/project/python-dsv-sdk/

Parameters

Parameter	Comments
_terms string / required	The path to the secret, e.g. /staging/servers/web1.
client_id string / required	The client_id with which to request the Access Grant. Configuration: INI entry: [dsv_lookup] client_id = None Environment variable: DSV_CLIENT_ID
client_secret string / required	The client secret associated with the specific client_id. Configuration: INI entry: [dsv_lookup] client_secret = None Environment variable: DSV_CLIENT_SECRET
tenant string / required	The first format parameter in the default url_template. Configuration: INI entry: [dsv_lookup] tenant = None Environment variable: DSV_TENANT
tld string	The top-level domain of the tenant; the second format parameter in the default url_template. Default: “com” Configuration: INI entry: [dsv_lookup] tld = com Environment variable: DSV_TLD
url_template string	The path to prepend to the base URL to form a valid REST API request. Default: “https://{}.secretsvaultcloud.{}/v1” Configuration: INI entry: [dsv_lookup] url_template = https://{}.secretsvaultcloud.{}/v1 Environment variable: DSV_URL_TEMPLATE

Examples

- hosts: localhost
  vars:
      secret: "{{ lookup('community.general.dsv', '/test/secret') }}"
  tasks:
      - ansible.builtin.debug:
          msg: 'the password is {{ secret["data"]["password"] }}'

Return Values

Common return values are documented here, the following are the fields unique to this lookup:

Key	Description
_list list / elements=dictionary	One or more JSON responses to GET /secrets/{path}. See https://dsv.thycotic.com/api/index.html#operation/getSecret. Returned: success

Authors

• Adam Migus (@amigus)

Hint

Configuration entries for each entry type have a low to high priority order. For example, a variable that is lower in the list will override a variable that is higher up.

Collection links

Issue Tracker Repository (Sources) Submit a bug report Request a feature Communication