community.general.dsv – Get secrets from Thycotic DevOps Secrets Vault

Note

This plugin is part of the community.general collection (version 2.0.1).

To install it use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.dsv.

New in version 1.0.0: of community.general

Synopsis
Requirements
Parameters
Examples
Return Values

Synopsis

Uses the Thycotic DevOps Secrets Vault Python SDK to get Secrets from a DSV tenant using a client_id and client_secret.

Requirements

The below requirements are needed on the local controller node that executes this lookup.

python-dsv-sdk - https://pypi.org/project/python-dsv-sdk/

Parameters

Parameter	Choices/Defaults	Configuration	Comments
_terms string / required			The path to the secret, e.g. `/staging/servers/web1`.
client_id string / required		ini entries: [dsv_lookup] client_id = None env:DSV_CLIENT_ID	The client_id with which to request the Access Grant.
client_secret string / required		ini entries: [dsv_lookup] client_secret = None env:DSV_CLIENT_SECRET	The client secret associated with the specific client_id.
tenant string / required		ini entries: [dsv_lookup] tenant = None env:DSV_TENANT	The first format parameter in the default url_template.
tld string	Default: "com"	ini entries: [dsv_lookup] tld = com env:DSV_TLD	The top-level domain of the tenant; the second format parameter in the default url_template.
url_template string	Default: "https://{}.secretsvaultcloud.{}/v1"	ini entries: [dsv_lookup] url_template = https://{}.secretsvaultcloud.{}/v1 env:DSV_URL_TEMPLATE	The path to prepend to the base URL to form a valid REST API request.

Examples

- hosts: localhost
  vars:
      secret: "{{ lookup('community.general.dsv', '/test/secret') }}"
  tasks:
      - ansible.builtin.debug:
          msg: 'the password is {{ secret["data"]["password"] }}'

Return Values

Common return values are documented here, the following are the fields unique to this lookup:

Key	Returned	Description
_list list / elements=dictionary	success	One or more JSON responses to `GET /secrets/{path}`. See https://dsv.thycotic.com/api/index.html#operation/getSecret.

Authors

Adam Migus (@amigus) <adam@migus.org>

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/community/general/dsv_lookup.html