Ansible Automation Platform
This integration is pretty straightforward. For those not familiar with Red Hat Ansible, it is an automation platform that is excellent at automating tasks within your local and multi-cloud infrastructure. To do this, Ansible needs to connect to servers, switches, and other infrastructure (known to Ansible as Hosts). Ansible connects to these hosts using credentials.
You have two options for storing these credentials. The first is the native Ansible Vault, where passwords are stored within Ansible Tower/Automation Platform. The second is to store them in an external secret management system like IBM Security Verify Privilege Vault. We're assuming that those credentials (e.g. local administrator accounts or SSH keys) are managed and rotated by IBM Security Verify Privilege Vault. That means Ansible needs to connect to Privilege Vault and pull the latest password, so that it can use those credentials to connect to the Host it is attempting to manage.
This is very easy to configure:
- Log into your Ansible Automation Platform portal.
- Click Resources then Credentials.
- Provide a Name and Description (e.g. IBM Security Verify Privilege Vault).
- If you are using Organizations, select the applicable Organization.
- Select Credential Type of Thycotic Secret Server.
- Provide your Secret Server URL (e.g. https://secretserver.domain.local/SecretServer)
- Provide the Username and Password for the Application Account you created for Ansible.
- I strongly recommend you test your integration by trying to get a secret (using its Secret ID) and its password field (lowercase is important).
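The lowercase field name in the test step is an easy thing to get wrong, so here is an added example (not from the original page, and not Ansible or IBM code) that checks a Secret Field value before it is entered in Ansible. It assumes the secret's fields are matched by an exact, case-sensitive slug, and it runs against a constructed sample secret; `resolve_field` and `check` are hypothetical helper names.

```python
# Constructed sample: trimmed shape of a Secret Server "get secret" response.
# Assumption: each item carries a display name (fieldName) and a lowercase slug.
SAMPLE_SECRET = {
    "id": 42,
    "name": "linux-host-01 local admin (constructed)",
    "items": [
        {"fieldName": "Machine", "slug": "machine", "itemValue": "linux-host-01.example.test"},
        {"fieldName": "Username", "slug": "username", "itemValue": "svc_ansible"},
        {"fieldName": "Password", "slug": "password", "itemValue": "constructed-not-a-real-password"},
        {"fieldName": "Private Key", "slug": "private-key", "itemValue": ""},
    ],
}


class SecretFieldError(LookupError):
    """Raised when the Secret Field entered in Ansible cannot be resolved."""


def resolve_field(secret: dict, secret_field: str) -> str:
    """Return the value for secret_field using an exact, case-sensitive slug match."""
    by_slug = {item["slug"]: item for item in secret.get("items", [])}
    if secret_field in by_slug:
        value = by_slug[secret_field]["itemValue"]
        if not value:
            raise SecretFieldError(f"field '{secret_field}' exists but is empty")
        return value
    # Diagnose the common mistake: the display name or a different case was typed.
    for slug, item in by_slug.items():
        if secret_field.lower() in (slug, item["fieldName"].lower()):
            raise SecretFieldError(f"'{secret_field}' is not a slug; use '{slug}'")
    raise SecretFieldError(f"no field '{secret_field}'; valid: {sorted(by_slug)}")


def check(secret: dict, secret_field: str) -> str:
    """Pre-flight result that never echoes the secret value itself."""
    try:
        resolve_field(secret, secret_field)
        return "ok"
    except SecretFieldError as exc:
        return f"error: {exc}"


if __name__ == "__main__":
    for candidate in ("password", "Password", "Private Key", "private-key", "otp"):
        print(f"{candidate!r:15} -> {check(SAMPLE_SECRET, candidate)}")
```

`check` reports only success or the reason for failure, so its output can be pasted into a ticket or log without exposing the credential.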
Now, each time you define a new credential in Ansible, click the key icon next to the field and that will bring up the External Secret Management System wizard, which allows you to select which system you want to pull the secret from (e.g. Privilege Vault), then enter the Secret ID and Secret Field.
If everything is done correctly, Ansible will tell you that the field will be retrieved from an external secret management system.
Now, each time this credential is referenced on a Job Template, Ansible will get the latest password from Privilege Vault first, then use that to connect to the various hosts.