cyberark.conjur.conjur_variable – Fetch credentials from CyberArk Conjur.

Note

This plugin is part of the cyberark.conjur collection (version 1.1.0).

To install it use: ansible-galaxy collection install cyberark.conjur.

To use it in a playbook, specify: cyberark.conjur.conjur_variable.

New in version 2.5: of cyberark.conjur

Synopsis
Requirements
Parameters
Examples
Return Values

Synopsis

Retrieves credentials from Conjur using the controlling host’s Conjur identity or environment variables. Environment variables could be CONJUR_ACCOUNT, CONJUR_APPLIANCE_URL, CONJUR_CERT_FILE, CONJUR_AUTHN_LOGIN, CONJUR_AUTHN_API_KEY, CONJUR_AUTHN_TOKEN_FILE Conjur info - https://www.conjur.org/.

Requirements

The below requirements are needed on the local controller node that executes this lookup.

The controlling host running Ansible has a Conjur identity. (More: https://docs.conjur.org/latest/en/Content/Get%20Started/key_concepts/machine_identity.html)

Parameters

Parameter	Choices/Defaults	Configuration	Comments
_terms string / required			Variable path
as_file boolean	Choices: no ← yes		Store lookup result in a temporary file and returns the file path. Thus allowing it to be consumed as an ansible file parameter (eg ansible_ssh_private_key_file).
authn_token_file path	Default: "/var/run/conjur/access-token"	ini entries: [conjur,] authn_token_file = /var/run/conjur/access-token env:CONJUR_AUTHN_TOKEN_FILE	Path to the access token file.
config_file path	Default: "/etc/conjur.conf"	ini entries: [conjur,] config_file_path = /etc/conjur.conf env:CONJUR_CONFIG_FILE	Path to the Conjur configuration file. The configuration file is a YAML file.
identity_file path	Default: "/etc/conjur.identity"	ini entries: [conjur,] identity_file_path = /etc/conjur.identity env:CONJUR_IDENTITY_FILE	Path to the Conjur identity file. The identity file follows the netrc file format convention.
validate_certs boolean	Choices: no yes ←		Flag to control SSL certificate validation

Examples

---
  - hosts: localhost
    collections:
      - cyberark.conjur
    tasks:
      - name: Lookup variable in Conjur
        debug:
          msg: "{{ lookup('cyberark.conjur.conjur_variable', '/path/to/secret') }}"

Return Values

Common return values are documented here, the following are the fields unique to this lookup:

Key	Returned	Description
_raw string	success	Value stored in Conjur.

Authors

CyberArk BizDev (@cyberark-bizdev)
CyberArk Community and Integrations Team (@cyberark/community-and-integrations-team)

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/cyberark/conjur/conjur_variable_lookup.html