community.general.cyberarkpassword lookup – get secrets from CyberArk AIM

Note

This lookup plugin is part of the community.general collection (version 6.6.9).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general. This lookup plugin has further requirements; see Requirements for details.

To use it in a playbook, specify: community.general.cyberarkpassword.

Synopsis

  • Get secrets from CyberArk AIM.

Requirements

The below requirements are needed on the local controller node that executes this lookup.

  • CyberArk AIM tool installed

Keyword parameters

This describes keyword parameters of the lookup. These are the values key1=value1, key2=value2 and so on in the following examples: lookup('community.general.cyberarkpassword', key1=value1, key2=value2, ...) and query('community.general.cyberarkpassword', key1=value1, key2=value2, ...)

Parameter (type)
    Comments

_command (string)
    CyberArk CLI utility.
    Default: "/opt/CARKaim/sdk/clipasswordsdk"
    Configuration:

_extra (string)
    For extra_params values, please check the parameters for clipasswordsdk in CyberArk’s “Credential Provider and ASCP Implementation Guide”.

appid (string / required)
    Defines the unique ID of the application that is issuing the password request.

output (string)
    Specifies the desired output fields separated by commas.
    They could be: Password, PassProps.<property>, PasswordChangeInProcess
    Default: "password"

query (string / required)
    Describes the filter criteria for the password retrieval.

Notes

Note

  • For Ansible on Windows, please change the -parameters (-p, -d, and -o) to /parameters (/p, /d, and /o) and change the location of CLIPasswordSDK.exe.

Examples

# Prints every requested field, including the password, in the task output.
- name: passing options to the lookup
  ansible.builtin.debug:
    msg: '{{ lookup("community.general.cyberarkpassword", cyquery) }}'
  vars:
    cyquery:
      appid: "app_ansible"
      query: "safe=CyberArk_Passwords;folder=root;object=AdminPass"
      output: "Password,PassProps.UserName,PassProps.Address,PasswordChangeInProcess"

# Same query through the with_<lookup> loop form; each result is printed as item.
- name: used in a loop
  ansible.builtin.debug:
    msg: "{{ item }}"
  with_community.general.cyberarkpassword:
    appid: 'app_ansible'
    query: 'safe=CyberArk_Passwords;folder=root;object=AdminPass'
    output: 'Password,PassProps.UserName,PassProps.Address,PasswordChangeInProcess'

Return Value

Key (type)
    Description

Return value (list / elements=dictionary)
    A list containing one dictionary.
    Returned: success

  passprops (dictionary)
      Properties assigned to the entry.
      Returned: success

  password (string)
      The actual value stored.
      Returned: success

  passwordchangeinprocess (string)
      Did the password change?
      Returned: success
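
The playbook below is an added example, not part of the collection's documentation. It reads the password and passwordchangeinprocess keys described above and passes the secret to a task without printing it. The host group app_servers, the URL and the user name svc_ansible are hypothetical, and the example assumes passwordchangeinprocess comes back as the string "true" or "false".

```yaml
# Added example; app_servers, the URL and svc_ansible are hypothetical.
- name: Use a CyberArk-managed password without printing it
  hosts: app_servers
  gather_facts: false
  vars:
    cyquery:
      appid: "app_ansible"
      query: "safe=CyberArk_Passwords;folder=root;object=AdminPass"
      output: "Password,PasswordChangeInProcess"
  tasks:
    # Lookups run on the controller. query() always returns a list, so take
    # the single dictionary with "first". run_once calls the CLI one time and
    # shares the fact with every host in the batch; no_log keeps the value
    # out of task output and logs.
    - name: Fetch the entry once on the controller
      ansible.builtin.set_fact:
        cyberark_entry: "{{ query('community.general.cyberarkpassword', cyquery) | first }}"
      run_once: true
      no_log: true

    # Assumption: the field is the string "true" or "false".
    # A failed assert reports the condition, not the password.
    - name: Stop if a password change is in process
      ansible.builtin.assert:
        that:
          - not (cyberark_entry.passwordchangeinprocess | bool)
        fail_msg: "CyberArk reports a password change in process; retry later."
        quiet: true
      run_once: true

    # Consume the secret directly in the module argument and never in
    # ansible.builtin.debug.
    - name: Authenticate to the service with the retrieved password
      ansible.builtin.uri:
        url: "https://app.example.internal/api/health"
        url_username: "svc_ansible"
        url_password: "{{ cyberark_entry.password }}"
        force_basic_auth: true
        status_code: 200
      no_log: true
```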

Authors

  • Unknown

Hint

Configuration entries for each entry type have a low to high priority order. For example, a variable that is lower in the list will override a variable that is higher up.