community.general.tss (6.6.8) — lookup
Get secrets from Thycotic Secret Server
Added in version 1.0.0 of community.general
Authors: Adam Migus (@amigus) <adam@migus.org>
Install with ansible-galaxy collection install community.general:==6.6.8

Or list it in a requirements.yml file:

collections:
  - name: community.general
    version: 6.6.8

Uses the Thycotic Secret Server Python SDK to get Secrets from Secret Server using token authentication with I(username) and I(password) on the REST API at I(base_url).
When using self-signed certificates the environment variable C(REQUESTS_CA_BUNDLE) can be set to a file containing the trusted certificates (in C(.pem) format).
For example, C(export REQUESTS_CA_BUNDLE='/etc/ssl/certs/ca-bundle.trust.crt').

# Authenticate with a username and password
- hosts: localhost
  vars:
    secret: >-
      {{
        lookup(
          'community.general.tss',
          102,
          base_url='https://secretserver.domain.com/SecretServer/',
          username='user.name',
          password='password'
        )
      }}
  tasks:
    - ansible.builtin.debug:
        msg: >
          the password is {{
            (secret['items']
              | items2dict(key_name='slug',
                           value_name='itemValue'))['password']
          }}

# Authenticate with a username, password and domain
- hosts: localhost
  vars:
    secret: >-
      {{
        lookup(
          'community.general.tss',
          102,
          base_url='https://secretserver.domain.com/SecretServer/',
          username='user.name',
          password='password',
          domain='domain'
        )
      }}
  tasks:
    - ansible.builtin.debug:
        msg: >
          the password is {{
            (secret['items']
              | items2dict(key_name='slug',
                           value_name='itemValue'))['password']
          }}

# Authenticate with an existing access token
- hosts: localhost
  vars:
    secret_password: >-
      {{
        ((lookup(
          'community.general.tss',
          102,
          base_url='https://secretserver.domain.com/SecretServer/',
          token='thycotic_access_token',
        ) | from_json).get('items') | items2dict(key_name='slug', value_name='itemValue'))['password']
      }}
  tasks:
    - ansible.builtin.debug:
        msg: the password is {{ secret_password }}

token:
  description:
    - Existing token for Thycotic authorizer.
    - If provided, I(username) and I(password) are not needed.
    - Requires C(python-tss-sdk) version 1.0.0 or greater.
  env:
    - name: TSS_TOKEN
  ini:
    - key: token
      section: tss_lookup
  version_added: 3.7.0
  version_added_collection: community.general
_terms:
  description: The integer ID of the secret.
  required: true
  type: int
domain:
  default: ''
  description:
    - The domain with which to request the OAuth2 Access Grant.
    - Optional when I(token) is not provided.
    - Requires C(python-tss-sdk) version 1.0.0 or greater.
  env:
    - name: TSS_DOMAIN
  ini:
    - key: domain
      section: tss_lookup
  required: false
  version_added: 3.6.0
  version_added_collection: community.general
base_url:
  description: The base URL of the server, e.g. C(https://localhost/SecretServer).
  env:
    - name: TSS_BASE_URL
  ini:
    - key: base_url
      section: tss_lookup
  required: true
password:
  description:
    - The password associated with the supplied username.
    - Required when I(token) is not provided.
  env:
    - name: TSS_PASSWORD
  ini:
    - key: password
      section: tss_lookup
username:
  description: The username with which to request the OAuth2 Access Grant.
  env:
    - name: TSS_USERNAME
  ini:
    - key: username
      section: tss_lookup
api_path_uri:
  default: /api/v1
  description: The path to append to the base URL to form a valid REST API request.
  env:
    - name: TSS_API_PATH_URI
  required: false
token_path_uri:
  default: /oauth2/token
  description: The path to append to the base URL to form a valid OAuth2 Access Grant request.
  env:
    - name: TSS_TOKEN_PATH_URI
  required: false

_list:
  description:
    - The JSON responses to C(GET /secrets/{id}).
    - See U(https://updates.thycotic.net/secretserver/restapiguide/TokenAuth/#operation--secrets--id--get).
  elements: dict
  type: list
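
An added example, not part of the collection's documentation: the first example above reworked so that no credential appears in the playbook and the retrieved value is never printed. It assumes TSS_BASE_URL, TSS_USERNAME and TSS_PASSWORD (the env entries listed in the options) are exported on the controller; the endpoint URL and account name are hypothetical.

```yaml
# Assumed controller environment (names taken from the options above):
#   TSS_BASE_URL, TSS_USERNAME, TSS_PASSWORD   (or TSS_TOKEN instead of the pair)
#   REQUESTS_CA_BUNDLE                         (only when the server uses a private CA)
# Secret ID 102 and the 'password' slug are reused from the page's examples.
- hosts: localhost
  gather_facts: false
  vars:
    # Evaluated lazily: the lookup runs only where the variable is used.
    # All connection options are resolved from the environment.
    tss_secret: "{{ lookup('community.general.tss', 102) }}"
    # Flatten the secret's item list into a slug -> value mapping.
    tss_fields: >-
      {{ tss_secret['items'] | items2dict(key_name='slug', value_name='itemValue') }}
  tasks:
    - name: Fail early if the secret has no password field
      ansible.builtin.assert:
        that:
          - "'password' in tss_fields"
        quiet: true

    - name: Use the password without writing it to logs or task output
      ansible.builtin.uri:
        url: https://app.example.internal/health   # hypothetical endpoint
        url_username: svc_app                      # hypothetical account
        url_password: "{{ tss_fields['password'] }}"
        force_basic_auth: true
      no_log: true
```

The same options can instead be read from the tss_lookup section of the Ansible configuration file, using the ini keys listed in the options.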