community.general.dsv lookup – Get secrets from Thycotic DevOps Secrets Vault

Note

This lookup plugin is part of the community.general collection (version 11.3.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general. You need further requirements to be able to use this lookup plugin, see Requirements for details.

To use it in a playbook, specify: community.general.dsv.

New in community.general 1.0.0

Synopsis

• Uses the Thycotic DevOps Secrets Vault Python SDK to get Secrets from a DSV tenant using a client_id and client_secret.

Requirements

The below requirements are needed on the local controller node that executes this lookup.

• python-dsv-sdk - https://pypi.org/project/python-dsv-sdk/

Terms

Parameter	Comments
Terms string / required	The path to the secret, for example /staging/servers/web1.

Keyword parameters

This describes keyword parameters of the lookup. These are the values key1=value1, key2=value2 and so on in the following examples: lookup('community.general.dsv', key1=value1, key2=value2, ...) and query('community.general.dsv', key1=value1, key2=value2, ...)

Parameter	Comments
client_id string / required	The client_id with which to request the Access Grant. Configuration: INI entry: [dsv_lookup] client_id = VALUE Environment variable: DSV_CLIENT_ID
client_secret string / required	The client secret associated with the specific client_id. Configuration: INI entry: [dsv_lookup] client_secret = VALUE Environment variable: DSV_CLIENT_SECRET
tenant string / required	The first format parameter in the default url_template. Configuration: INI entry: [dsv_lookup] tenant = VALUE Environment variable: DSV_TENANT
tld string	The top-level domain of the tenant; the second format parameter in the default url_template. Default: "com" Configuration: INI entry: [dsv_lookup] tld = com Environment variable: DSV_TLD
url_template string	The path to prepend to the base URL to form a valid REST API request. Default: "https://{}.secretsvaultcloud.{}/v1" Configuration: INI entry: [dsv_lookup] url_template = https://{}.secretsvaultcloud.{}/v1 Environment variable: DSV_URL_TEMPLATE

Note

Configuration entries listed above for each entry type (Ansible variable, environment variable, and so on) have a low to high priority order. For example, a variable that is lower in the list will override a variable that is higher up. The entry types are also ordered by precedence from low to high priority order. For example, an ansible.cfg entry (further up in the list) is overwritten by an Ansible variable (further down in the list).

Notes

Note

• When keyword and positional parameters are used together, positional parameters must be listed before keyword parameters: lookup('community.general.dsv', term1, term2, key1=value1, key2=value2) and query('community.general.dsv', term1, term2, key1=value1, key2=value2)

Examples

- hosts: localhost
  vars:
    secret: "{{ lookup('community.general.dsv', '/test/secret') }}"
  tasks:
    - ansible.builtin.debug:
        msg: 'the password is {{ secret["data"]["password"] }}'

Return Value

Key	Description
Return value list / elements=dictionary	One or more JSON responses to GET /secrets/{path}. See https://dsv.thycotic.com/api/index.html#operation/getSecret. Returned: success

Authors

• Adam Migus (@amigus)

Collection links

• Issue Tracker
• Repository (Sources)
• Ask for help
• Submit a bug report
• Request a feature
• Communication