Documentation

cyberarkpassword - get secrets from CyberArk AIM

New in version 2.4.

Synopsis

Requirements

The below requirements are needed on the local master node that executes this lookup.

  • CyberArk AIM tool installed

Parameters

Parameter
Choices/Defaults
Configuration
Comments
_command
Default:
/opt/CARKaim/sdk/clipasswordsdk
env:AIM_CLIPASSWORDSDK_CMD
Cyberark CLI utility.
_extra
for extra_parms values please check parameters for clipasswordsdk in CyberArk's "Credential Provider and ASCP Implementation Guide"
appid
required
Defines the unique ID of the application that is issuing the password request.
output
Default:
password
Specifies the desired output fields separated by commas.
They could be: Password, PassProps.<property>, PasswordChangeInProcess
query
required
Describes the filter criteria for the password retrieval.

Examples

- name: passing options to the lookup
  debug: msg={{ lookup("cyberarkpassword", cyquery)}}
  vars:
    cyquery:
      appid: "app_ansible"
      query": "safe=CyberArk_Passwords;folder=root;object=AdminPass"
      output: "Password,PassProps.UserName,PassProps.Address,PasswordChangeInProcess"


- name: used in a loop
  debug: msg={{item}}
  with_cyberarkpassword:
      appid: 'app_ansible'
      query: 'safe=CyberArk_Passwords;folder=root;object=AdminPass'
      output: 'Password,PassProps.UserName,PassProps.Address,PasswordChangeInProcess'

Return Values

Common return values are documented here, the following are the fields unique to this lookup:

Key
Returned
Description
passprops
dictionary
properties assigned to the entry

password
The actual value stored

passwordchangeinprocess
did the password change?



Status

Author

  • UNKNOWN

Hint

If you notice any issues in this documentation you can edit this document to improve it.