ansible.builtin.cyberarkpassword (v2.9.27) — lookup

Install Ansible via pip

Install with pip install ansible==2.9.27

Description

Get secrets from CyberArk AIM.

Requirements

• CyberArk AIM tool installed

Usage examples

Scanned by Steampunk Spotter

• Success
  Steampunk Spotter scan finished with no errors, warnings or hints.

  - name: passing options to the lookup
    debug: msg={{ lookup("cyberarkpassword", cyquery)}}
    vars:
      cyquery:
        appid: "app_ansible"
        query: "safe=CyberArk_Passwords;folder=root;object=AdminPass"
        output: "Password,PassProps.UserName,PassProps.Address,PasswordChangeInProcess"

Scanned by Steampunk Spotter

• Success
  Steampunk Spotter scan finished with no errors, warnings or hints.

  - name: used in a loop
    debug: msg={{item}}
    with_cyberarkpassword:
        appid: 'app_ansible'
        query: 'safe=CyberArk_Passwords;folder=root;object=AdminPass'
        output: 'Password,PassProps.UserName,PassProps.Address,PasswordChangeInProcess'

Inputs

    
appid:
    description: Defines the unique ID of the application that is issuing the password
      request.
    required: true

query:
    description: Describes the filter criteria for the password retrieval.
    required: true

_extra:
    description: for extra_parms values please check parameters for clipasswordsdk in
      CyberArk's "Credential Provider and ASCP Implementation Guide"

output:
    default: password
    description:
    - Specifies the desired output fields separated by commas.
    - 'They could be: Password, PassProps.<property>, PasswordChangeInProcess'

_command:
    default: /opt/CARKaim/sdk/clipasswordsdk
    description: Cyberark CLI utility.
    env:
    - name: AIM_CLIPASSWORDSDK_CMD

Outputs

passprops:
  description: properties assigned to the entry
  type: dictionary
password:
  description:
  - The actual value stored
passwordchangeinprocess:
  description: did the password change?