Created
April 10, 2024 16:39
-
-
Save infamousjoeg/0162fa852903569c144b85273f2bd9d7 to your computer and use it in GitHub Desktop.
Ansible Automation Platform with CCP for Dynamic Secrets to Network Device
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- hosts: all | |
gather_facts: no | |
tasks: | |
- block: | |
- name: Retrieve Password from CyberArk | |
cyberark.pas.cyberark_credential: | |
api_base_url: "{{ ccp_base_url }}" | |
app_id: "{{ ccp_app_id }}" | |
query: "Safe={{ ccp_safe }};Object=Network Device-CiscoSSH-{{ inventory_hostname }}-root" | |
validate_certs: "{{ ccp_validate_certs }}" | |
register: cyberark_key_response | |
- name: Set SSH Username to Fact | |
ansible.builtin.set_fact: | |
ansible_user: "{{ cyberark_key_response.result.UserName }}" | |
- name: Set SSH Password to Fact | |
ansible.builtin.set_fact: | |
ansible_ssh_password: "{{ cyberark_key_response.result.Content }}" | |
delegate_to: localhost | |
no_log: yes | |
- name: Connect to Remote Network Device | |
ansible.netcommon.network_cli: | |
host: "{{ inventory_hostname }}" | |
host_key_auto_add: yes |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment