community.general.cyberarkpassword lookup – get secrets from CyberArk AIM
Note
This lookup plugin is part of the community.general collection (version 10.1.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.general
.
You need further requirements to be able to use this lookup plugin,
see Requirements for details.
To use it in a playbook, specify: community.general.cyberarkpassword
.
Synopsis
Get secrets from CyberArk AIM.
Requirements
The below requirements are needed on the local controller node that executes this lookup.
CyberArk AIM tool installed
Keyword parameters
This describes keyword parameters of the lookup. These are the values key1=value1
, key2=value2
and so on in the following
examples: lookup('community.general.cyberarkpassword', key1=value1, key2=value2, ...)
and query('community.general.cyberarkpassword', key1=value1, key2=value2, ...)
Parameter |
Comments |
---|---|
Cyberark CLI utility. Default: Configuration:
|
|
for extra_params values please check parameters for clipasswordsdk in CyberArk’s “Credential Provider and ASCP Implementation Guide” |
|
Defines the unique ID of the application that is issuing the password request. |
|
Specifies the desired output fields separated by commas. They could be: Password, PassProps.<property>, PasswordChangeInProcess Default: |
|
Describes the filter criteria for the password retrieval. |
Notes
Note
For Ansible on Windows, please change the -parameters (-p, -d, and -o) to /parameters (/p, /d, and /o) and change the location of CLIPasswordSDK.exe.
Examples
- name: passing options to the lookup
ansible.builtin.debug:
msg: '{{ lookup("community.general.cyberarkpassword", cyquery) }}'
vars:
cyquery:
appid: "app_ansible"
query: "safe=CyberArk_Passwords;folder=root;object=AdminPass"
output: "Password,PassProps.UserName,PassProps.Address,PasswordChangeInProcess"
- name: used in a loop
ansible.builtin.debug:
msg: "{{item}}"
with_community.general.cyberarkpassword:
appid: 'app_ansible'
query: 'safe=CyberArk_Passwords;folder=root;object=AdminPass'
output: 'Password,PassProps.UserName,PassProps.Address,PasswordChangeInProcess'
Return Value
Key |
Description |
---|---|
A list containing one dictionary. Returned: success |
|
properties assigned to the entry Returned: success |
|
The actual value stored Returned: success |
|
did the password change? Returned: success |