You are reading an unmaintained version of the Ansible documentation. Unmaintained Ansible versions can contain unfixed security vulnerabilities (CVE). Please upgrade to a maintained version. See the latest Ansible documentation.

community.general.dsv lookup – Get secrets from Thycotic DevOps Secrets Vault

Note

This lookup plugin is part of the community.general collection (version 6.6.2).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general. You need further requirements to be able to use this lookup plugin, see Requirements for details.

To use it in a playbook, specify: community.general.dsv.

New in community.general 1.0.0

Synopsis

• Uses the Thycotic DevOps Secrets Vault Python SDK to get Secrets from a DSV tenant using a client_id and client_secret.

Requirements

The below requirements are needed on the local controller node that executes this lookup.

• python-dsv-sdk - https://pypi.org/project/python-dsv-sdk/

Terms

Parameter	Comments
Terms string / required	The path to the secret, e.g. /staging/servers/web1.

Parameters

Parameter	Comments
client_id string / required	The client_id with which to request the Access Grant. Configuration: INI entry: [dsv_lookup] client_id = VALUE Environment variable: DSV_CLIENT_ID
client_secret string / required	The client secret associated with the specific client_id. Configuration: INI entry: [dsv_lookup] client_secret = VALUE Environment variable: DSV_CLIENT_SECRET
tenant string / required	The first format parameter in the default url_template. Configuration: INI entry: [dsv_lookup] tenant = VALUE Environment variable: DSV_TENANT
tld string	The top-level domain of the tenant; the second format parameter in the default url_template. Default: "com" Configuration: INI entry: [dsv_lookup] tld = com Environment variable: DSV_TLD
url_template string	The path to prepend to the base URL to form a valid REST API request. Default: "https://{}.secretsvaultcloud.{}/v1" Configuration: INI entry: [dsv_lookup] url_template = https://{}.secretsvaultcloud.{}/v1 Environment variable: DSV_URL_TEMPLATE

Examples

- hosts: localhost
  vars:
      secret: "{{ lookup('community.general.dsv', '/test/secret') }}"
  tasks:
      - ansible.builtin.debug:
          msg: 'the password is {{ secret["data"]["password"] }}'

Return Value

Key	Description
Return value list / elements=dictionary	One or more JSON responses to GET /secrets/{path}. See https://dsv.thycotic.com/api/index.html#operation/getSecret. Returned: success

Authors

• Adam Migus (@amigus)

Hint

Configuration entries for each entry type have a low to high priority order. For example, a variable that is lower in the list will override a variable that is higher up.

Collection links

Issue Tracker Repository (Sources) Submit a bug report Request a feature Communication