You are reading an unmaintained version of the Ansible documentation. Unmaintained Ansible versions can contain unfixed security vulnerabilities (CVE). Please upgrade to a maintained version. See the latest Ansible documentation.

community.general.cyberarkpassword lookup – get secrets from CyberArk AIM

Note

This lookup plugin is part of the community.general collection (version 7.5.2).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general. You need further requirements to be able to use this lookup plugin, see Requirements for details.

To use it in a playbook, specify: community.general.cyberarkpassword.

Synopsis

• Get secrets from CyberArk AIM.

Requirements

The below requirements are needed on the local controller node that executes this lookup.

• CyberArk AIM tool installed

Keyword parameters

This describes keyword parameters of the lookup. These are the values key1=value1, key2=value2 and so on in the following examples: lookup('community.general.cyberarkpassword', key1=value1, key2=value2, ...) and query('community.general.cyberarkpassword', key1=value1, key2=value2, ...)

Parameter	Comments
_command string	Cyberark CLI utility. Default: "/opt/CARKaim/sdk/clipasswordsdk" Configuration: Environment variable: AIM_CLIPASSWORDSDK_CMD
_extra string	for extra_params values please check parameters for clipasswordsdk in CyberArk’s “Credential Provider and ASCP Implementation Guide”
appid string / required	Defines the unique ID of the application that is issuing the password request.
output string	Specifies the desired output fields separated by commas. They could be: Password, PassProps.<property>, PasswordChangeInProcess Default: "password"
query string / required	Describes the filter criteria for the password retrieval.

Notes

Note

• For Ansible on Windows, please change the -parameters (-p, -d, and -o) to /parameters (/p, /d, and /o) and change the location of CLIPasswordSDK.exe.

Examples

- name: passing options to the lookup
  ansible.builtin.debug:
      msg: '{{ lookup("community.general.cyberarkpassword", cyquery) }}'
  vars:
    cyquery:
      appid: "app_ansible"
      query: "safe=CyberArk_Passwords;folder=root;object=AdminPass"
      output: "Password,PassProps.UserName,PassProps.Address,PasswordChangeInProcess"


- name: used in a loop
  ansible.builtin.debug:
      msg: "{{item}}"
  with_community.general.cyberarkpassword:
      appid: 'app_ansible'
      query: 'safe=CyberArk_Passwords;folder=root;object=AdminPass'
      output: 'Password,PassProps.UserName,PassProps.Address,PasswordChangeInProcess'

Return Value

Key	Description
Return value list / elements=dictionary	A list containing one dictionary. Returned: success
passprops dictionary	properties assigned to the entry Returned: success
password string	The actual value stored Returned: success
passwordchangeinprocess string	did the password change? Returned: success

Authors

• Unknown

Hint

Configuration entries for each entry type have a low to high priority order. For example, a variable that is lower in the list will override a variable that is higher up.

Collection links

• Issue Tracker
• Repository (Sources)
• Submit a bug report
• Request a feature
• Communication