community.general.dsv lookup – Get secrets from Thycotic DevOps Secrets Vault

Note

This lookup plugin is part of the community.general collection (version 6.6.2).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general. You need further requirements to be able to use this lookup plugin, see Requirements for details.

To use it in a playbook, specify: community.general.dsv.

New in community.general 1.0.0

Synopsis

  • Uses the Thycotic DevOps Secrets Vault Python SDK to get Secrets from a DSV tenant using a client_id and client_secret.

Requirements

The below requirements are needed on the local controller node that executes this lookup.

Terms

Parameter

Comments

Terms

string / required

The path to the secret, e.g. /staging/servers/web1.

Parameters

Parameter

Comments

client_id

string / required

The client_id with which to request the Access Grant.

Configuration:

  • INI entry:

    [dsv_lookup]
    client_id = VALUE
    
  • Environment variable: DSV_CLIENT_ID

client_secret

string / required

The client secret associated with the specific client_id.

Configuration:

  • INI entry:

    [dsv_lookup]
    client_secret = VALUE
    
  • Environment variable: DSV_CLIENT_SECRET

tenant

string / required

The first format parameter in the default url_template.

Configuration:

  • INI entry:

    [dsv_lookup]
    tenant = VALUE
    
  • Environment variable: DSV_TENANT

tld

string

The top-level domain of the tenant; the second format parameter in the default url_template.

Default: "com"

Configuration:

  • INI entry:

    [dsv_lookup]
    tld = com
    
  • Environment variable: DSV_TLD

url_template

string

The path to prepend to the base URL to form a valid REST API request.

Default: "https://{}.secretsvaultcloud.{}/v1"

Configuration:

  • INI entry:

    [dsv_lookup]
    url_template = https://{}.secretsvaultcloud.{}/v1
    
  • Environment variable: DSV_URL_TEMPLATE

Examples

- hosts: localhost
  vars:
      secret: "{{ lookup('community.general.dsv', '/test/secret') }}"
  tasks:
      - ansible.builtin.debug:
          msg: 'the password is {{ secret["data"]["password"] }}'

Return Value

Key

Description

Return value

list / elements=dictionary

One or more JSON responses to GET /secrets/{path}.

See https://dsv.thycotic.com/api/index.html#operation/getSecret.

Returned: success

Authors

  • Adam Migus (@amigus)

Hint

Configuration entries for each entry type have a low to high priority order. For example, a variable that is lower in the list will override a variable that is higher up.