community.general.cyberarkpassword – get secrets from CyberArk AIM

Note

This plugin is part of the community.general collection (version 4.2.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.cyberarkpassword.

Synopsis

  • Get secrets from CyberArk AIM.

Requirements

The below requirements are needed on the local controller node that executes this lookup.

  • CyberArk AIM tool installed

Parameters

Parameter Choices/Defaults Configuration Comments
_command
string
Default:
"/opt/CARKaim/sdk/clipasswordsdk"
env:AIM_CLIPASSWORDSDK_CMD
Cyberark CLI utility.
_extra
string
for extra_params values please check parameters for clipasswordsdk in CyberArk's "Credential Provider and ASCP Implementation Guide"
appid
string / required
Defines the unique ID of the application that is issuing the password request.
output
string
Default:
"password"
Specifies the desired output fields separated by commas.
They could be: Password, PassProps.<property>, PasswordChangeInProcess
query
string / required
Describes the filter criteria for the password retrieval.

Notes

Note

  • For Ansible on Windows, please change the -parameters (-p, -d, and -o) to /parameters (/p, /d, and /o) and change the location of CLIPasswordSDK.exe.

Examples

- name: passing options to the lookup
  ansible.builtin.debug:
      msg: '{{ lookup("community.general.cyberarkpassword", cyquery) }}'
  vars:
    cyquery:
      appid: "app_ansible"
      query: "safe=CyberArk_Passwords;folder=root;object=AdminPass"
      output: "Password,PassProps.UserName,PassProps.Address,PasswordChangeInProcess"


- name: used in a loop
  ansible.builtin.debug:
      msg: "{{item}}"
  with_community.general.cyberarkpassword:
      appid: 'app_ansible'
      query: 'safe=CyberArk_Passwords;folder=root;object=AdminPass'
      output: 'Password,PassProps.UserName,PassProps.Address,PasswordChangeInProcess'

Return Values

Common return values are documented here, the following are the fields unique to this lookup:

Key Returned Description
passprops
dictionary
success
properties assigned to the entry

password
string
success
The actual value stored

passwordchangeinprocess
string
success
did the password change?



Authors

  • Unknown (!UNKNOWN)