cyberarkpassword - get secrets from CyberArk AIM

New in version 2.4.

Synopsis

Requirements

The below requirements are needed on the local master node that executes this lookup.

  • CyberArk AIM tool installed

Parameters

Parameter Choices/Defaults Configuration Comments
_command Default:
/opt/CARKaim/sdk/clipasswordsdk
env:AIM_CLIPASSWORDSDK_CMD
Cyberark CLI utility.
_extra
for extra_parms values please check parameters for clipasswordsdk in CyberArk's "Credential Provider and ASCP Implementation Guide"
appid
required
Defines the unique ID of the application that is issuing the password request.
output Default:
password
Specifies the desired output fields separated by commas.
They could be: Password, PassProps.<property>, PasswordChangeInProcess
query
required
Describes the filter criteria for the password retrieval.

Examples

- name: passing options to the lookup
  debug: msg={{ lookup("cyberarkpassword", cyquery)}}
  vars:
    cyquery:
      appid: "app_ansible"
      query": "safe=CyberArk_Passwords;folder=root;object=AdminPass"
      output: "Password,PassProps.UserName,PassProps.Address,PasswordChangeInProcess"


- name: used in a loop
  debug: msg={{item}}
  with_cyberarkpassword:
      appid: 'app_ansible'
      query: 'safe=CyberArk_Passwords;folder=root;object=AdminPass'
      output: 'Password,PassProps.UserName,PassProps.Address,PasswordChangeInProcess'

Return Values

Common return values are documented here, the following are the fields unique to this lookup:

Key Returned Description
passprops
dictionary
properties assigned to the entry

password
The actual value stored

passwordchangeinprocess
did the password change?



Status

Author

  • UNKNOWN

Hint

If you notice any issues in this documentation you can edit this document to improve it.

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.5/plugins/lookup/cyberarkpassword.html