We have requirement to secure credential with cyberArk and use it in ansible awx credential. Note:not within ansible playbook.
In ansible(AWX) credential, How to secure/automate conjur "api key" without manual type
Asked
Active
Viewed 309 times
1 Answers
0
Currently, when using the CyberArk Conjur Secret Lookup in Ansible Automation Platform (formerly Tower) or AWX, there is no way to provide the API key to the platform Just-in-Time. It is required to be stored and encrypted within the API Key value of the Secret Lookup credential type, as is depicted in your screenshot.
There is research being done on how this can utilize Conjur's JWT authenticator instead of using a stored API key, however there are no details on the development at this time.
At the very minimum, the Secret Lookup approach currently implemented would allow you to introduce secret rotation to all secrets previously stored in Ansible which is a security improvement over the static nature of those secrets when they were stored there.
InfamousJoeG
- 21
- 4
-
Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Jan 05 '22 at 19:58