community.general.cyberarkpassword – get secrets from CyberArk AIM

Note

This plugin is part of the community.general collection (version 2.0.1).

To install it use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.cyberarkpassword.

Synopsis

  • Get secrets from CyberArk AIM.

Requirements

The below requirements are needed on the local controller node that executes this lookup.

  • CyberArk AIM tool installed

Parameters

Parameter Choices/Defaults Configuration Comments
_command
string
Default:
"/opt/CARKaim/sdk/clipasswordsdk"
env:AIM_CLIPASSWORDSDK_CMD
Cyberark CLI utility.
_extra
string
for extra_params values please check parameters for clipasswordsdk in CyberArk's "Credential Provider and ASCP Implementation Guide"
appid
string / required
Defines the unique ID of the application that is issuing the password request.
output
string
Default:
"password"
Specifies the desired output fields separated by commas.
They could be: Password, PassProps.<property>, PasswordChangeInProcess
query
string / required
Describes the filter criteria for the password retrieval.

Notes

Note

  • For Ansible on Windows, please change the -parameters (-p, -d, and -o) to /parameters (/p, /d, and /o) and change the location of CLIPasswordSDK.exe.

Examples

- name: passing options to the lookup
  ansible.builtin.debug:
      msg: '{{ lookup("community.general.cyberarkpassword", cyquery) }}'
  vars:
    cyquery:
      appid: "app_ansible"
      query: "safe=CyberArk_Passwords;folder=root;object=AdminPass"
      output: "Password,PassProps.UserName,PassProps.Address,PasswordChangeInProcess"


- name: used in a loop
  ansible.builtin.debug:
      msg: "{{item}}"
  with_community.general.cyberarkpassword:
      appid: 'app_ansible'
      query: 'safe=CyberArk_Passwords;folder=root;object=AdminPass'
      output: 'Password,PassProps.UserName,PassProps.Address,PasswordChangeInProcess'

Return Values

Common return values are documented here, the following are the fields unique to this lookup:

Key Returned Description
passprops
dictionary
success
properties assigned to the entry

password
string
success
The actual value stored

passwordchangeinprocess
string
success
did the password change?



Authors

  • Unknown (!UNKNOWN)