Interests in an Ansible Lookup Plugin for Thycotic Secret Server Professional


mschol...@gmail.com

Jun 28, 2018, 9:09:05 AM
to Ansible Development
Hi,

We've been using Ansible for quite some time now, as well as Thycotic Secret Server (TSS). Recently, we thought it would be a good idea to be able to use TSS as a global password storage for any Ansible-related stuff, too. While e.g. the password lookup plugin is great, we wanted to have one place that stores not only passwords but additional metadata. Thus we developed a small lookup plugin that operates on the TSS Professional REST API.

Why am I telling you this? Simply put, it would be nice to contribute a little bit to Ansible since it is such a handy tool. But as we are not quite a company that embraces open source style code sharing too much, I just wanted to know if there is any interest in having such a plugin ship with Ansible. If so, I would first try to solve the potential copyright issues on our side and would then submit a feature proposal to https://github.com/ansible/proposals.

Just to show you what I'm actually talking about, see these examples:

- name: show default field
  debug: msg="{{ lookup('tss_lookup', '/path/to/the/secret') }}"

- name: show default field and provide specific template
  debug: msg="{{ lookup('tss_lookup', '/path/to/the/secret;template=theTemplate') }}"

- name: show specific field
  debug: msg="{{ lookup('tss_lookup', '/path/to/the/secret;field=user name') }}"

- name: show specific field and provide specific template
  debug: msg="{{ lookup('tss_lookup', '/path/to/the/secret;field=user name,template=theTemplate') }}"

- name: show specific field and provide specific template and parameters
  debug: msg="{{ lookup('tss_lookup', '/path/to/the/secret;template=theTemplate,field=user pass,user name=theUser') }}"


Thanks for reading, cheers

Martin

Mark Janssen

Jul 11, 2018, 6:38:31 AM
to mschol...@gmail.com, Ansible Development
I'm not familiar with that specific password management system, but I would recommend trying to keep the ansible interface compatible with other password-management systems. Like for example: https://docs.ansible.com/ansible/2.5/plugins/lookup/passwordstore.html

Looks mostly the same, but the fields are space-separated, not semicolon-separated.

Getting it into ansible took a bit of effort when I wanted to upstream passwordstore, but worked out fine in the end.


--
Mark Janssen  --  maniac(at)maniac.nl
Unix / Linux Open-Source and Internet Consultant
Maniac.nl Sig-IO.nl Vps.Stoned-IT.com

mschol...@gmail.com

Jul 26, 2018, 4:49:40 AM
to Ansible Development
Well, I agree. The point is that I didn't want to implement escape logic, and didn't find any common rules for implementing it, either. TSS allows spaces in field names.
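Added example, not part of the thread and not the tss_lookup plugin's own code: one way the term format from the examples above could be parsed without escape logic while still allowing spaces in field names. The function name, the RESERVED list and the treatment of keys other than field/template as field filters are assumptions.

```python
# Added example: a hypothetical parser for the 'path;key=value,...' lookup
# term format shown in the thread. It is not the tss_lookup plugin's code.

RESERVED = ("field", "template")  # option names that appear in the thread


def parse_term(term):
    """Return (path, options, filters) for one lookup term.

    ';' ends the secret path, ',' separates options and the first '='
    splits key from value. There is no escape logic (as in the thread), so
    a value cannot contain ','; keys and values may contain spaces.
    Assumption: keys other than field/template select on a field value,
    as 'user name=theUser' suggests.
    """
    path, sep, rest = term.partition(";")
    path = path.strip()
    if not path.startswith("/"):
        raise ValueError("secret path must start with '/'")
    options, filters = {}, {}
    for pair in rest.split(",") if sep else []:
        key, eq, value = (part.strip() for part in pair.partition("="))
        if not (eq and key and value):
            # Fail closed: a half-parsed term could fetch the wrong secret.
            raise ValueError("malformed option %r, expected key=value" % pair)
        if key in options or key in filters:
            raise ValueError("duplicate option %r" % key)
        (options if key in RESERVED else filters)[key] = value
    return path, options, filters


if __name__ == "__main__":
    # Terms taken from the examples in the first post.
    for term in (
        "/path/to/the/secret",
        "/path/to/the/secret;field=user name,template=theTemplate",
        "/path/to/the/secret;template=theTemplate,field=user pass,user name=theUser",
    ):
        print(parse_term(term))
    # Whitespace splitting (the passwordstore style) would cut 'user name'
    # in two, which is why the format above keeps spaces inside a field.
    print("/path/to/the/secret field=user name".split())
```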

B

May 30, 2019, 2:55:46 PM
to Ansible Development
I have a customer that is looking for the integration of Thycotic Secret Server specifically within Ansible.  This would be of great value if this were to be a 'supported module' within Ansible.

This post has some dust on it from last year, is there any other traction you have found to support this effort?


Martin Scholl

May 31, 2019, 5:56:44 AM
to Ansible Development
Hi, to be honest, my efforts in convincing management to participate by sharing code/knowledge have not borne fruit yet. They just want to sell, if at all. However, management will change by the end of the year, maybe I'll be successful then. For the time being I can tell you that such a plugin is relatively easy to implement and works great. If you need help, feel free to contact me :)