cyberark.conjur.conjur_variable lookup – Fetch credentials from CyberArk Conjur.
Note
This lookup plugin is part of the cyberark.conjur collection (version 1.3.6).
You might already have this collection installed if you are using the ansible package.
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install cyberark.conjur.
You need further requirements to be able to use this lookup plugin,
see Requirements for details.
To use it in a playbook, specify: cyberark.conjur.conjur_variable.
New in cyberark.conjur 1.0.2
Synopsis
Retrieves credentials from Conjur using the controlling host’s Conjur identity, environment variables, or extra-vars. Environment variables could be CONJUR_ACCOUNT, CONJUR_APPLIANCE_URL, CONJUR_CERT_FILE, CONJUR_CERT_CONTENT, CONJUR_AUTHN_LOGIN, CONJUR_AUTHN_API_KEY, CONJUR_AUTHN_TOKEN_FILE, CONJUR_AUTHN_TYPE, CONJUR_AUTHN_SERVICE_ID, AZURE_CLIENT_ID Extra-vars could be conjur_account, conjur_appliance_url, conjur_cert_file, conjur_cert_content, conjur_authn_login, conjur_authn_api_key, conjur_authn_token_file, conjur_authn_type, conjur_authn_service_id, azure_client_id Conjur info - https://www.conjur.org/.
Requirements
The below requirements are needed on the local controller node that executes this lookup.
The controlling host running Ansible has a Conjur identity. (More: https://docs.conjur.org/latest/en/Content/Get%20Started/key_concepts/machine_identity.html)
Terms
Parameter |
Comments |
|---|---|
Variable path |
Keyword parameters
This describes keyword parameters of the lookup. These are the values key1=value1, key2=value2 and so on in the following
examples: lookup('cyberark.conjur.conjur_variable', key1=value1, key2=value2, ...) and query('cyberark.conjur.conjur_variable', key1=value1, key2=value2, ...)
Parameter |
Comments |
|---|---|
Store lookup result in a temporary file and returns the file path. Thus allowing it to be consumed as an ansible file parameter (eg ansible_ssh_private_key_file). Choices:
|
|
Client id for azure user-assigned managed identity Configuration:
|
|
Path to the Conjur configuration file. The configuration file is a YAML file. Default: Configuration:
|
|
Conjur account Configuration:
|
|
Conjur appliance url Configuration:
|
|
Conjur authn api key Configuration:
|
|
Conjur authn login Configuration:
|
|
Service ID for cloud-based authenticators Configuration:
|
|
Path to the access token file Configuration:
|
|
Type of Conjur authenticator Configuration:
|
|
Content of the Conjur cert Configuration:
|
|
Path to the Conjur cert file Configuration:
|
|
Path to the Conjur identity file. The identity file follows the netrc file format convention. Default: Configuration:
|
|
Flag to control SSL certificate validation Choices:
|
Note
Configuration entries listed above for each entry type (Ansible variable, environment variable, and so on) have a low to high priority order. For example, a variable that is lower in the list will override a variable that is higher up. The entry types are also ordered by precedence from low to high priority order. For example, an ansible.cfg entry (further up in the list) is overwritten by an Ansible variable (further down in the list).
Notes
Note
When keyword and positional parameters are used together, positional parameters must be listed before keyword parameters:
lookup('cyberark.conjur.conjur_variable', term1, term2, key1=value1, key2=value2)andquery('cyberark.conjur.conjur_variable', term1, term2, key1=value1, key2=value2)
Examples
---
- hosts: localhost
collections:
- cyberark.conjur
tasks:
- name: Lookup variable in Conjur
debug:
msg: "{{ lookup('cyberark.conjur.conjur_variable', '/path/to/secret') }}"
Return Value
Key |
Description |
|---|---|
Value stored in Conjur. Returned: success |