W3cubDocs

/Ansible

cyberark.conjur.conjur_variable – Fetch credentials from CyberArk Conjur.

Note

This plugin is part of the cyberark.conjur collection (version 1.1.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install cyberark.conjur.

To use it in a playbook, specify: cyberark.conjur.conjur_variable.

New in version 2.5: of cyberark.conjur

Synopsis
Requirements
Parameters
Examples
Return Values

Synopsis

Retrieves credentials from Conjur using the controlling host’s Conjur identity or environment variables. Environment variables could be CONJUR_ACCOUNT, CONJUR_APPLIANCE_URL, CONJUR_CERT_FILE, CONJUR_AUTHN_LOGIN, CONJUR_AUTHN_API_KEY, CONJUR_AUTHN_TOKEN_FILE Conjur info - https://www.conjur.org/.

Requirements

The below requirements are needed on the local controller node that executes this lookup.

The controlling host running Ansible has a Conjur identity. (More: https://docs.conjur.org/latest/en/Content/Get%20Started/key_concepts/machine_identity.html)

Parameters

Parameter	Choices/Defaults	Configuration	Comments
_terms string / required			Variable path
as_file boolean	Choices: no ← yes		Store lookup result in a temporary file and returns the file path. Thus allowing it to be consumed as an ansible file parameter (eg ansible_ssh_private_key_file).
authn_token_file path	Default: "/var/run/conjur/access-token"	ini entries: [conjur,] authn_token_file = /var/run/conjur/access-token env:CONJUR_AUTHN_TOKEN_FILE	Path to the access token file.
config_file path	Default: "/etc/conjur.conf"	ini entries: [conjur,] config_file_path = /etc/conjur.conf env:CONJUR_CONFIG_FILE	Path to the Conjur configuration file. The configuration file is a YAML file.
identity_file path	Default: "/etc/conjur.identity"	ini entries: [conjur,] identity_file_path = /etc/conjur.identity env:CONJUR_IDENTITY_FILE	Path to the Conjur identity file. The identity file follows the netrc file format convention.
validate_certs boolean	Choices: no yes ←		Flag to control SSL certificate validation

Examples

---
  - hosts: localhost
    collections:
      - cyberark.conjur
    tasks:
      - name: Lookup variable in Conjur
        debug:
          msg: "{{ lookup('cyberark.conjur.conjur_variable', '/path/to/secret') }}"

Return Values

Common return values are documented here, the following are the fields unique to this lookup:

Key	Returned	Description
_raw string	success	Value stored in Conjur.

Authors

CyberArk BizDev (@cyberark-bizdev)
CyberArk Community and Integrations Team (@cyberark/community-and-integrations-team)

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/cyberark/conjur/conjur_variable_lookup.html