community.general.dsv lookup – Get secrets from Thycotic DevOps Secrets Vault

Note

This lookup plugin is part of the community.general collection (version 10.2.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general. You need further requirements to be able to use this lookup plugin, see Requirements for details.

To use it in a playbook, specify: community.general.dsv.

New in community.general 1.0.0

Synopsis

Requirements

The below requirements are needed on the local controller node that executes this lookup.

Terms

Parameter

Comments

Terms

string / required

The path to the secret, for example /staging/servers/web1.

Keyword parameters

This describes keyword parameters of the lookup. These are the values key1=value1, key2=value2 and so on in the following examples: lookup('community.general.dsv', key1=value1, key2=value2, ...) and query('community.general.dsv', key1=value1, key2=value2, ...)

Parameter

Comments

client_id

string / required

The client_id with which to request the Access Grant.

Configuration:

  • INI entry:

    [dsv_lookup]
    client_id = VALUE
    
  • Environment variable: DSV_CLIENT_ID

client_secret

string / required

The client secret associated with the specific client_id.

Configuration:

  • INI entry:

    [dsv_lookup]
    client_secret = VALUE
    
  • Environment variable: DSV_CLIENT_SECRET

tenant

string / required

The first format parameter in the default url_template.

Configuration:

  • INI entry:

    [dsv_lookup]
    tenant = VALUE
    
  • Environment variable: DSV_TENANT

tld

string

The top-level domain of the tenant; the second format parameter in the default url_template.

Default: "com"

Configuration:

  • INI entry:

    [dsv_lookup]
    tld = com
    
  • Environment variable: DSV_TLD

url_template

string

The path to prepend to the base URL to form a valid REST API request.

Default: "https://{}.secretsvaultcloud.{}/v1"

Configuration:

  • INI entry:

    [dsv_lookup]
    url_template = https://{}.secretsvaultcloud.{}/v1
    
  • Environment variable: DSV_URL_TEMPLATE

Notes

Note

  • When keyword and positional parameters are used together, positional parameters must be listed before keyword parameters: lookup('community.general.dsv', term1, term2, key1=value1, key2=value2) and query('community.general.dsv', term1, term2, key1=value1, key2=value2)

Examples

- hosts: localhost
  vars:
      secret: "{{ lookup('community.general.dsv', '/test/secret') }}"
  tasks:
      - ansible.builtin.debug:
          msg: 'the password is {{ secret["data"]["password"] }}'

Return Value

Key

Description

Return value

list / elements=dictionary

One or more JSON responses to GET /secrets/{path}.

See https://dsv.thycotic.com/api/index.html#operation/getSecret.

Returned: success

Authors

  • Adam Migus (@amigus)

Hint

Configuration entries for each entry type have a low to high priority order. For example, a variable that is lower in the list will override a variable that is higher up.