Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Example of @cyberark AIM Credential Provider + @cyberark REST API + Ansible Community 2.5+
---
- hosts: localhost
roles:
- role: cyberark.modules
tasks:
- name: Logon to CyberArk Vault using PAS Web Services SDK
cyberark_authentication:
api_base_url: 'https://components.cyberarkdemo.example'
validate_certs: no
username: '{{ item.passprops.username }}'
password: '{{ item.password }}'
with_cyberarkpassword:
appid: 'Ansible'
query: 'safe=TEST-RESTAPI;folder=root;object=test-restapi-cybr_ansible'
output: 'password,PassProps.Username'
no_log: yes
- name: Onboard root User to CyberArk Enterprise Password Vault
uri:
url: https://components.cyberarkdemo.example/PasswordVault/api/Accounts
headers:
Content-Type: application/json
Authorization: '{{ cyberark_session.token }}'
method: POST
status_code: 201
body:
name: 'test-auto-onboard_{{ inventory_hostname }}_root'
address: '{{ inventory_hostname }}'
userName: 'root'
platformId: 'UnixSSH'
safeName: 'TEST-AUTO-ONBOARD'
secretType: 'password'
secret: 'Cyberark1'
secretManagement:
automaticManagementEnabled: no
body_format: json
validate_certs: no
- name: Logoff from PAS Web Services SDK
cyberark_authentication:
state: absent
cyberark_session: '{{ cyberark_session }}'
@infamousjoeg

This comment has been minimized.

Copy link
Owner Author

commented Mar 21, 2019

Requires the cyberark.modules role installed from Ansible Galaxy:
$ ansible-galaxy install cyberark.modules

asciicast

@infamousjoeg

This comment has been minimized.

Copy link
Owner Author

commented Mar 21, 2019

image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.