community.general.tss (3.8.10) — lookup

Get secrets from Thycotic Secret Server

Added in version 1.0.0 of community.general

Authors: Adam Migus (@amigus) <adam@migus.org>

Install collection

Install with ansible-galaxy collection install community.general:==3.8.10


Add to requirements.yml

  collections:
    - name: community.general
      version: 3.8.10

Description

Uses the Thycotic Secret Server Python SDK to get secrets from Secret Server, authenticating with a token obtained from username and password on the REST API at base_url.

When the server uses self-signed certificates, the environment variable REQUESTS_CA_BUNDLE can be set to a file containing the trusted certificates (in .pem format).

For example: export REQUESTS_CA_BUNDLE='/etc/ssl/certs/ca-bundle.trust.crt'


Requirements

Usage examples

- hosts: localhost
  vars:
      secret: >-
        {{
            lookup(
                'community.general.tss',
                102,
                base_url='https://secretserver.domain.com/SecretServer/',
                username='user.name',
                password='password'
            )
        }}
  tasks:
      - ansible.builtin.debug:
          msg: >
            the password is {{
              (secret['items']
                | items2dict(key_name='slug',
                             value_name='itemValue'))['password']
            }}
- hosts: localhost
  vars:
      secret: >-
        {{
            lookup(
                'community.general.tss',
                102,
                base_url='https://secretserver.domain.com/SecretServer/',
                username='user.name',
                password='password',
                domain='domain'
            )
        }}
  tasks:
      - ansible.builtin.debug:
          msg: >
            the password is {{
              (secret['items']
                | items2dict(key_name='slug',
                             value_name='itemValue'))['password']
            }}
- hosts: localhost
  vars:
      secret_password: >-
        {{
            ((lookup(
                'community.general.tss',
                102,
                base_url='https://secretserver.domain.com/SecretServer/',
                token='thycotic_access_token',
            )  | from_json).get('items') | items2dict(key_name='slug', value_name='itemValue'))['password']
        }}
  tasks:
      - ansible.builtin.debug:
          msg: the password is {{ secret_password }}
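The examples above embed username and password literally in the playbook. The following added playbook (not part of the collection's documentation) instead relies on the TSS_BASE_URL, TSS_USERNAME and TSS_PASSWORD environment variables this plugin reads, so the play carries no credentials, and masks the fetched value with no_log; the secret ID 102 and the variable name tss_fields are placeholders.

```yaml
# Added example, not from the community.general docs.
# Before running, export on the controller (values are placeholders):
#   export TSS_BASE_URL='https://secretserver.domain.com/SecretServer/'
#   export TSS_USERNAME='user.name'
#   export TSS_PASSWORD='...'
# The same values can alternatively live under [tss_lookup] in ansible.cfg
# (keys base_url, username, password), as listed under Inputs.
- hosts: localhost
  gather_facts: false
  vars:
    tss_secret_id: 102   # placeholder secret ID
  tasks:
    - name: Fetch the secret and turn its items into a slug -> value map
      ansible.builtin.set_fact:
        tss_fields: >-
          {{ lookup('community.general.tss', tss_secret_id)['items']
             | items2dict(key_name='slug', value_name='itemValue') }}
      no_log: true   # keep the retrieved values out of the task output and logs

    - name: Fail early and clearly if the secret has no password item
      ansible.builtin.assert:
        that: "'password' in tss_fields"
        fail_msg: "Secret {{ tss_secret_id }} has no item with slug 'password'"
        quiet: true

    - name: Confirm the value arrived without echoing it
      ansible.builtin.debug:
        msg: "Retrieved a password of {{ tss_fields['password'] | length }} characters"
```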

Inputs

token:
    description:
    - Existing token for Thycotic authorizer.
    - If provided, I(username) and I(password) are not needed.
    - Requires C(python-tss-sdk) version 1.0.0 or greater.
    env:
    - name: TSS_TOKEN
    ini:
    - key: token
      section: tss_lookup
    version_added: 3.7.0
    version_added_collection: community.general

_terms:
    description: The integer ID of the secret.
    required: true
    type: int

domain:
    default: ''
    description:
    - The domain with which to request the OAuth2 Access Grant.
    - Optional when I(token) is not provided.
    - Requires C(python-tss-sdk) version 1.0.0 or greater.
    env:
    - name: TSS_DOMAIN
    ini:
    - key: domain
      section: tss_lookup
    required: false
    version_added: 3.6.0
    version_added_collection: community.general

base_url:
    description: The base URL of the server, e.g. C(https://localhost/SecretServer).
    env:
    - name: TSS_BASE_URL
    ini:
    - key: base_url
      section: tss_lookup
    required: true

password:
    description:
    - The password associated with the supplied username.
    - Required when I(token) is not provided.
    env:
    - name: TSS_PASSWORD
    ini:
    - key: password
      section: tss_lookup

username:
    description: The username with which to request the OAuth2 Access Grant.
    env:
    - name: TSS_USERNAME
    ini:
    - key: username
      section: tss_lookup

api_path_uri:
    default: /api/v1
    description: The path to append to the base URL to form a valid REST API request.
    env:
    - name: TSS_API_PATH_URI
    required: false

token_path_uri:
    default: /oauth2/token
    description: The path to append to the base URL to form a valid OAuth2 Access Grant
      request.
    env:
    - name: TSS_TOKEN_PATH_URI
    required: false

Outputs

_list:
  description:
  - The JSON responses to C(GET /secrets/{id}).
  - See U(https://updates.thycotic.net/secretserver/restapiguide/TokenAuth/#operation--secrets--id--get).
  elements: dict
  type: list