community.general.dsv lookup – Get secrets from Thycotic DevOps Secrets Vault

Note

This lookup plugin is part of the community.general collection (version 9.4.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general. You need further requirements to be able to use this lookup plugin, see Requirements for details.

To use it in a playbook, specify: community.general.dsv.

New in community.general 1.0.0

Synopsis

• Uses the Thycotic DevOps Secrets Vault Python SDK to get Secrets from a DSV tenant using a client_id and client_secret.

Requirements

The below requirements are needed on the local controller node that executes this lookup.

• python-dsv-sdk - https://pypi.org/project/python-dsv-sdk/

Terms

Parameter	Comments
Terms string / required	The path to the secret, for example /staging/servers/web1.

Keyword parameters

This describes keyword parameters of the lookup. These are the values key1=value1, key2=value2 and so on in the following examples: lookup('community.general.dsv', key1=value1, key2=value2, ...) and query('community.general.dsv', key1=value1, key2=value2, ...)

Parameter	Comments
client_id string / required	The client_id with which to request the Access Grant. Configuration: INI entry: [dsv_lookup] client_id = VALUE Environment variable: DSV_CLIENT_ID
client_secret string / required	The client secret associated with the specific client_id. Configuration: INI entry: [dsv_lookup] client_secret = VALUE Environment variable: DSV_CLIENT_SECRET
tenant string / required	The first format parameter in the default url_template. Configuration: INI entry: [dsv_lookup] tenant = VALUE Environment variable: DSV_TENANT
tld string	The top-level domain of the tenant; the second format parameter in the default url_template. Default: "com" Configuration: INI entry: [dsv_lookup] tld = com Environment variable: DSV_TLD
url_template string	The path to prepend to the base URL to form a valid REST API request. Default: "https://{}.secretsvaultcloud.{}/v1" Configuration: INI entry: [dsv_lookup] url_template = https://{}.secretsvaultcloud.{}/v1 Environment variable: DSV_URL_TEMPLATE

Notes

Note

• When keyword and positional parameters are used together, positional parameters must be listed before keyword parameters: lookup('community.general.dsv', term1, term2, key1=value1, key2=value2) and query('community.general.dsv', term1, term2, key1=value1, key2=value2)

Examples

- hosts: localhost
  vars:
      secret: "{{ lookup('community.general.dsv', '/test/secret') }}"
  tasks:
      - ansible.builtin.debug:
          msg: 'the password is {{ secret["data"]["password"] }}'

Return Value

Key	Description
Return value list / elements=dictionary	One or more JSON responses to GET /secrets/{path}. See https://dsv.thycotic.com/api/index.html#operation/getSecret. Returned: success

Authors

• Adam Migus (@amigus)

Hint

Configuration entries for each entry type have a low to high priority order. For example, a variable that is lower in the list will override a variable that is higher up.

Collection links

• Issue Tracker
• Repository (Sources)
• Ask for help
• Submit a bug report
• Request a feature
• Communication