cyberark.conjur.conjur_variable lookup – Fetch credentials from CyberArk Conjur.
Note
This lookup plugin is part of the cyberark.conjur collection (version 1.3.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install cyberark.conjur
.
You need further requirements to be able to use this lookup plugin,
see Requirements for details.
To use it in a playbook, specify: cyberark.conjur.conjur_variable
.
New in cyberark.conjur 1.0.2
Synopsis
Retrieves credentials from Conjur using the controlling host’s Conjur identity, environment variables, or extra-vars. Environment variables could be CONJUR_ACCOUNT, CONJUR_APPLIANCE_URL, CONJUR_CERT_FILE, CONJUR_AUTHN_LOGIN, CONJUR_AUTHN_API_KEY, CONJUR_AUTHN_TOKEN_FILE Extra-vars could be conjur_account, conjur_appliance_url, conjur_cert_file, conjur_authn_login, conjur_authn_api_key, conjur_authn_token_file Conjur info - https://www.conjur.org/.
Requirements
The below requirements are needed on the local controller node that executes this lookup.
The controlling host running Ansible has a Conjur identity. (More: https://docs.conjur.org/latest/en/Content/Get%20Started/key_concepts/machine_identity.html)
Terms
Parameter |
Comments |
---|---|
Variable path |
Keyword parameters
This describes keyword parameters of the lookup. These are the values key1=value1
, key2=value2
and so on in the following
examples: lookup('cyberark.conjur.conjur_variable', key1=value1, key2=value2, ...)
and query('cyberark.conjur.conjur_variable', key1=value1, key2=value2, ...)
Parameter |
Comments |
---|---|
Store lookup result in a temporary file and returns the file path. Thus allowing it to be consumed as an ansible file parameter (eg ansible_ssh_private_key_file). Choices:
|
|
Path to the Conjur configuration file. The configuration file is a YAML file. Default: Configuration:
|
|
Conjur account Configuration:
|
|
Conjur appliance url Configuration:
|
|
Conjur authn api key Configuration:
|
|
Conjur authn login Configuration:
|
|
Path to the access token file Configuration:
|
|
Path to the Conjur cert file Configuration:
|
|
Path to the Conjur identity file. The identity file follows the netrc file format convention. Default: Configuration:
|
|
Flag to control SSL certificate validation Choices:
|
Notes
Note
When keyword and positional parameters are used together, positional parameters must be listed before keyword parameters:
lookup('cyberark.conjur.conjur_variable', term1, term2, key1=value1, key2=value2)
andquery('cyberark.conjur.conjur_variable', term1, term2, key1=value1, key2=value2)
Examples
---
- hosts: localhost
collections:
- cyberark.conjur
tasks:
- name: Lookup variable in Conjur
debug:
msg: "{{ lookup('cyberark.conjur.conjur_variable', '/path/to/secret') }}"
Return Value
Key |
Description |
---|---|
Value stored in Conjur. Returned: success |