W3cubDocs

/Ansible

community.general.dsv – Get secrets from Thycotic DevOps Secrets Vault

Note

This plugin is part of the community.general collection (version 3.8.1).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.dsv.

New in version 1.0.0: of community.general

Synopsis

  • Uses the Thycotic DevOps Secrets Vault Python SDK to get Secrets from a DSV tenant using a client_id and client_secret.

Requirements

The below requirements are needed on the local controller node that executes this lookup.

Parameters

Parameter Choices/Defaults Configuration Comments
_terms
string / required
The path to the secret, e.g. /staging/servers/web1.
client_id
string / required
ini entries:

[dsv_lookup]
client_id = None

env:DSV_CLIENT_ID
The client_id with which to request the Access Grant.
client_secret
string / required
ini entries:

[dsv_lookup]
client_secret = None

env:DSV_CLIENT_SECRET
The client secret associated with the specific client_id.
tenant
string / required
ini entries:

[dsv_lookup]
tenant = None

env:DSV_TENANT
The first format parameter in the default url_template.
tld
string
Default:
"com"
ini entries:

[dsv_lookup]
tld = com

env:DSV_TLD
The top-level domain of the tenant; the second format parameter in the default url_template.
url_template
string
Default:
"https://{}.secretsvaultcloud.{}/v1"
ini entries:

[dsv_lookup]
url_template = https://{}.secretsvaultcloud.{}/v1

env:DSV_URL_TEMPLATE
The path to prepend to the base URL to form a valid REST API request.

Examples

- hosts: localhost
  vars:
      secret: "{{ lookup('community.general.dsv', '/test/secret') }}"
  tasks:
      - ansible.builtin.debug:
          msg: 'the password is {{ secret["data"]["password"] }}'

Return Values

Common return values are documented here, the following are the fields unique to this lookup:

Key Returned Description
_list
list / elements=dictionary
success
One or more JSON responses to GET /secrets/{path}.



Authors

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/community/general/dsv_lookup.html