ansible / ansible.builtin / v2.8.19 / lookup / cyberarkpassword get secrets from CyberArk AIM | "added in version" 2.4 of ansible.builtin" Authors: unknownansible.builtin.cyberarkpassword (v2.8.19) — lookup
pip
Install with pip install ansible==2.8.19
Get secrets from CyberArk AIM.
- name: passing options to the lookup debug: msg={{ lookup("cyberarkpassword", cyquery)}} vars: cyquery: appid: "app_ansible" query: "safe=CyberArk_Passwords;folder=root;object=AdminPass" output: "Password,PassProps.UserName,PassProps.Address,PasswordChangeInProcess"
- name: used in a loop debug: msg={{item}} with_cyberarkpassword: appid: 'app_ansible' query: 'safe=CyberArk_Passwords;folder=root;object=AdminPass' output: 'Password,PassProps.UserName,PassProps.Address,PasswordChangeInProcess'
appid: description: Defines the unique ID of the application that is issuing the password request. required: true query: description: Describes the filter criteria for the password retrieval. required: true _extra: description: for extra_parms values please check parameters for clipasswordsdk in CyberArk's "Credential Provider and ASCP Implementation Guide" output: default: password description: - Specifies the desired output fields separated by commas. - 'They could be: Password, PassProps.<property>, PasswordChangeInProcess' _command: default: /opt/CARKaim/sdk/clipasswordsdk description: Cyberark CLI utility. env: - name: AIM_CLIPASSWORDSDK_CMD
passprops: description: properties assigned to the entry type: dictionary password: description: - The actual value stored passwordchangeinprocess: description: did the password change?