community.general.dsv lookup – Get secrets from Thycotic DevOps Secrets Vault

Note

This lookup plugin is part of the community.general collection (version 4.8.3).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.dsv.

New in version 1.0.0 of community.general

Synopsis

  • Uses the Thycotic DevOps Secrets Vault Python SDK to get Secrets from a DSV tenant using a client_id and client_secret.

Requirements

The below requirements are needed on the local controller node that executes this lookup.

Parameters

Parameter

Comments

_terms

string / required

The path to the secret, e.g. /staging/servers/web1.

client_id

string / required

The client_id with which to request the Access Grant.

Configuration:

  • INI entry:

    [dsv_lookup]
    client_id = None
    
  • Environment variable: DSV_CLIENT_ID

client_secret

string / required

The client secret associated with the specific client_id.

Configuration:

  • INI entry:

    [dsv_lookup]
    client_secret = None
    
  • Environment variable: DSV_CLIENT_SECRET

tenant

string / required

The first format parameter in the default url_template.

Configuration:

  • INI entry:

    [dsv_lookup]
    tenant = None
    
  • Environment variable: DSV_TENANT

tld

string

The top-level domain of the tenant; the second format parameter in the default url_template.

Default: “com”

Configuration:

  • INI entry:

    [dsv_lookup]
    tld = com
    
  • Environment variable: DSV_TLD

url_template

string

The path to prepend to the base URL to form a valid REST API request.

Default: “https://{}.secretsvaultcloud.{}/v1”

Configuration:

  • INI entry:

    [dsv_lookup]
    url_template = https://{}.secretsvaultcloud.{}/v1
    
  • Environment variable: DSV_URL_TEMPLATE

Examples

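- hosts: localhost
  vars:
      # Returns the whole JSON response for the secret stored at /test/secret.
      secret: "{{ lookup('community.general.dsv', '/test/secret') }}"
  tasks:
      # Demonstration only: debug prints the password in clear text in the play output.
      - ansible.builtin.debug:
          msg: 'the password is {{ secret["data"]["password"] }}'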
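
The following playbook is an added example, not part of the collection's documentation. It reads the credentials from the DSV_TENANT, DSV_CLIENT_ID and DSV_CLIENT_SECRET environment variables listed under Parameters and consumes the secret with no_log set, so the value stays out of task output. The destination file and the "password" field of /staging/servers/web1 are assumptions.

```yaml
# Added example. Assumes DSV_TENANT, DSV_CLIENT_ID and DSV_CLIENT_SECRET are
# exported in the environment of the controller process that runs this play.
- hosts: localhost
  gather_facts: false
  become: true
  vars:
    # The lookup runs on the controller each time this variable is templated.
    # The path comes from the _terms description; the "password" field under
    # "data" is an assumption about how that secret is structured.
    web1_secret: "{{ lookup('community.general.dsv', '/staging/servers/web1') }}"
  tasks:
    - name: Stop early if any DSV credential is missing from the environment
      ansible.builtin.assert:
        that:
          - lookup('ansible.builtin.env', 'DSV_TENANT') | length > 0
          - lookup('ansible.builtin.env', 'DSV_CLIENT_ID') | length > 0
          - lookup('ansible.builtin.env', 'DSV_CLIENT_SECRET') | length > 0
        fail_msg: "Export DSV_TENANT, DSV_CLIENT_ID and DSV_CLIENT_SECRET first."
        quiet: true

    - name: Write the password to a root-only file without logging it
      ansible.builtin.copy:
        content: "{{ web1_secret['data']['password'] }}"
        # Hypothetical destination path, chosen for illustration.
        dest: /etc/example-app/db_password
        owner: root
        group: root
        mode: "0600"
      # Keeps the secret out of task results, callbacks and --diff output.
      no_log: true
```

Supplying client_secret through the environment keeps it out of ansible.cfg, which is commonly committed to version control.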

Return Values

Common return values are documented here; the following fields are unique to this lookup:

Key

Description

_list

list / elements=dictionary

One or more JSON responses to GET /secrets/{path}.

See https://dsv.thycotic.com/api/index.html#operation/getSecret.

Returned: success

Authors

  • Adam Migus (@amigus)

Hint

Configuration entries for each entry type have a low to high priority order. For example, a variable that is lower in the list will override a variable that is higher up.