beyondtrust.secrets_safe.secrets_safe_lookup (1.0.0) — lookup

Retrieve ASCII secrets from Secrets Safe.

Added in version 1.0.0 of beyondtrust.secrets_safe.

Authors: BeyondTrust

Install collection

Install with ansible-galaxy collection install beyondtrust.secrets_safe:==1.0.0


Add to requirements.yml

  collections:
    - name: beyondtrust.secrets_safe
      version: 1.0.0

Description

Retrieve ASCII secrets and managed account passwords from BeyondTrust Password Safe 23.1 or greater.

Usage examples

- vars:
    # Connection details and API credentials are read from environment variables, not stored in the playbook.
    apiURL: "{{ lookup('ansible.builtin.env', 'PASSWORD_SAFE_API_URL') }}"

    clientIdFromEnvVar: "{{ lookup('ansible.builtin.env', 'PASSWORD_SAFE_CLIENT_ID') }}"
    secretFromEnvVar: "{{ lookup('ansible.builtin.env', 'PASSWORD_SAFE_CLIENT_SECRET') }}"

    # Optional client certificate (pfx) authentication.
    certificatePasswordFromEnVar: "{{ lookup('ansible.builtin.env', 'CERTIFICATE_PASSWORD') }}"
    certificatePath: "<path>/ClientCertificate.pfx"

    # Managed accounts, given as system/account pairs separated by commas.
    secretManagedAccounts: "fake_system/fake_managed_account,fake_system/fake_managed_account01"
    gotManagedAccount: "{{lookup('beyondtrust.secrets_safe.secrets_safe_lookup', api_url=apiURL, retrieval_type='MANAGED_ACCOUNT', client_id=clientIdFromEnvVar, client_secret=secretFromEnvVar, secret_list=secretManagedAccounts, certificate_path=certificatePath, certificate_password=certificatePasswordFromEnVar, wantlist=False)}}"

    # Secrets, given as path/title pairs separated by commas.
    secretList: "fake_grp/credential,fake_grp/file"
    gotSecrets: "{{lookup('beyondtrust.secrets_safe.secrets_safe_lookup', api_url=apiURL, retrieval_type='SECRET', client_id=clientIdFromEnvVar, client_secret=secretFromEnvVar, secret_list=secretList, certificate_path=certificatePath, certificate_password=certificatePasswordFromEnVar, wantlist=False, verify_ca=True)}}"

Inputs

    
api_url:
    description: BeyondTrust Password Safe API URL.
    required: true
    type: string

client_id:
    description: API OAuth Client ID.
    required: true
    type: string

verify_ca:
    default: true
    description: Indicates whether to verify the certificate authority on the Secrets
      Safe instance.
    required: false
    type: boolean

secret_list:
    description: List of secrets (path/title,path/title) or managed accounts (ms/ma,ms/ma)
      to be retrieved, separated by comma.
    required: true
    type: string

client_secret:
    description: API OAuth Client Secret.
    required: true
    type: string

retrieval_type:
    description: Type of secret to retrieve (use MANAGED_ACCOUNT or SECRET)
    required: true
    type: string

certificate_path:
    description: Password Safe API pfx Certificate Path. For use when authenticating using
      a Client Certificate.
    required: false
    type: string

certificate_password:
    description: Password Safe API pfx Certificate Password. For use when authenticating
      using a Client Certificate.
    required: false
    type: string

Outputs

_list:
  description: List of retrieved secret(s) in the requested order.
  elements: str
  type: list
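
The following play is an added example, not part of the collection's own documentation. It fetches the secrets as a list with `query()` instead of the comma-joined string that `wantlist=False` produces, keeps the values out of task output with `no_log`, and maps each requested path to its value. It assumes, per the Outputs description above, that the plugin returns one element per requested entry in the requested order; the variable names `clientId`, `clientSecret`, `secretValues` and `secretsByPath` are hypothetical.

```yaml
- name: Read secrets from Secrets Safe without writing them to logs
  hosts: localhost
  gather_facts: false
  vars:
    # Credentials come from the environment, as in the usage example above.
    apiURL: "{{ lookup('ansible.builtin.env', 'PASSWORD_SAFE_API_URL') }}"
    clientId: "{{ lookup('ansible.builtin.env', 'PASSWORD_SAFE_CLIENT_ID') }}"
    clientSecret: "{{ lookup('ansible.builtin.env', 'PASSWORD_SAFE_CLIENT_SECRET') }}"
    secretList: "fake_grp/credential,fake_grp/file"
  tasks:
    - name: Fail early when a credential variable is unset
      # The env lookup yields an empty string for an unset variable.
      ansible.builtin.assert:
        that:
          - apiURL | length > 0
          - clientId | length > 0
          - clientSecret | length > 0
        quiet: true

    - name: Fetch the secrets as a list
      # query() is lookup() with wantlist=True, so a secret that contains
      # a comma stays a single list element instead of being split later.
      ansible.builtin.set_fact:
        secretValues: "{{ query('beyondtrust.secrets_safe.secrets_safe_lookup', api_url=apiURL, retrieval_type='SECRET', client_id=clientId, client_secret=clientSecret, secret_list=secretList, verify_ca=True) }}"
      no_log: true

    - name: Confirm one value came back per requested path
      # Only the expression text is reported on failure, never the values.
      ansible.builtin.assert:
        that: secretValues | length == secretList.split(',') | length
        quiet: true

    - name: Map each requested path to its value
      # Assumes the returned order matches the order in secretList.
      ansible.builtin.set_fact:
        secretsByPath: "{{ dict(secretList.split(',') | zip(secretValues)) }}"
      no_log: true
```

A variable defined under `vars` with a lookup is templated each time it is referenced, so the lookup runs again on every use; `set_fact` stores the result once for the rest of the play.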