cyberark.conjur.conjur_variable – Fetch credentials from CyberArk Conjur.

Note

This plugin is part of the cyberark.conjur collection (version 1.1.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install cyberark.conjur.

To use it in a playbook, specify: cyberark.conjur.conjur_variable.

New in version 2.5: of cyberark.conjur

Synopsis

  • Retrieves credentials from Conjur using the controlling host’s Conjur identity or environment variables. Environment variables could be CONJUR_ACCOUNT, CONJUR_APPLIANCE_URL, CONJUR_CERT_FILE, CONJUR_AUTHN_LOGIN, CONJUR_AUTHN_API_KEY, CONJUR_AUTHN_TOKEN_FILE Conjur info - https://www.conjur.org/.

Requirements

The below requirements are needed on the local controller node that executes this lookup.

Parameters

Parameter Choices/Defaults Configuration Comments
_terms
string / required
Variable path
as_file
boolean
    Choices:
  • no ←
  • yes
Store lookup result in a temporary file and returns the file path. Thus allowing it to be consumed as an ansible file parameter (eg ansible_ssh_private_key_file).
authn_token_file
path
Default:
"/var/run/conjur/access-token"
ini entries:

[conjur,]
authn_token_file = /var/run/conjur/access-token

env:CONJUR_AUTHN_TOKEN_FILE
Path to the access token file.
config_file
path
Default:
"/etc/conjur.conf"
ini entries:

[conjur,]
config_file_path = /etc/conjur.conf

env:CONJUR_CONFIG_FILE
Path to the Conjur configuration file. The configuration file is a YAML file.
identity_file
path
Default:
"/etc/conjur.identity"
ini entries:

[conjur,]
identity_file_path = /etc/conjur.identity

env:CONJUR_IDENTITY_FILE
Path to the Conjur identity file. The identity file follows the netrc file format convention.
validate_certs
boolean
    Choices:
  • no
  • yes ←
Flag to control SSL certificate validation

Examples

---
  - hosts: localhost
    collections:
      - cyberark.conjur
    tasks:
      - name: Lookup variable in Conjur
        debug:
          msg: "{{ lookup('cyberark.conjur.conjur_variable', '/path/to/secret') }}"

Return Values

Common return values are documented here, the following are the fields unique to this lookup:

Key Returned Description
_raw
string
success
Value stored in Conjur.



Authors

  • CyberArk BizDev (@cyberark-bizdev)

  • CyberArk Community and Integrations Team (@cyberark/community-and-integrations-team)