Try Spotterget secrets from CyberArk AIM
Authors: Unknown (!UNKNOWN)
Install with ansible-galaxy collection install community.general:==8.5.0
collections:
- name: community.general
version: 8.5.0Get secrets from CyberArk AIM.
- name: passing options to the lookup
ansible.builtin.debug:
msg: '{{ lookup("community.general.cyberarkpassword", cyquery) }}'
vars:
cyquery:
appid: "app_ansible"
query: "safe=CyberArk_Passwords;folder=root;object=AdminPass"
output: "Password,PassProps.UserName,PassProps.Address,PasswordChangeInProcess"
- name: used in a loop
ansible.builtin.debug:
msg: "{{item}}"
with_community.general.cyberarkpassword:
appid: 'app_ansible'
query: 'safe=CyberArk_Passwords;folder=root;object=AdminPass'
output: 'Password,PassProps.UserName,PassProps.Address,PasswordChangeInProcess'
appid:
description: Defines the unique ID of the application that is issuing the password
request.
required: true
query:
description: Describes the filter criteria for the password retrieval.
required: true
_extra:
description: for extra_params values please check parameters for clipasswordsdk in
CyberArk's "Credential Provider and ASCP Implementation Guide"
output:
default: password
description:
- Specifies the desired output fields separated by commas.
- 'They could be: Password, PassProps.<property>, PasswordChangeInProcess'
_command:
default: /opt/CARKaim/sdk/clipasswordsdk
description: Cyberark CLI utility.
env:
- name: AIM_CLIPASSWORDSDK_CMD
_result:
contains:
passprops:
description: properties assigned to the entry
type: dictionary
password:
description:
- The actual value stored
passwordchangeinprocess:
description: did the password change?
description: A list containing one dictionary.
elements: dictionary
type: list