safeguardcredentialtype 2.0.1

One Identity Safeguard Credential Type plugin for Ansible

Safeguard Credential Type plugin for Ansible

What is the Safeguard Credential Type plugin?

The Safeguard Credential Type plugin is a plugin that is installed and used by the AWX web interface to fetch credentials from Safeguard for Privileged Passwords (SPP). Once installed, a new credential type plugin will appear in the drop-own list Resources > Credentials > Create New Credential page. A Safeguard Credential type can be used to fetch a credential from SPP by configuring the following values:

• Safeguard Credential API key - The API key is generated by SPP when an A2A registration is created. The API key identifies a specific credential which can be fetched by a third-party application from SPP through the A2A interface.
• Safeguard Appliance IP or Host name - The IP address or host name of the SPP appliance.
• Safeguard client certificate file path - The full path to the user authentication certificate (PEM format).
• Safeguard client key file path - The full path to the user authentication private key (PEM format). NOTE: It is the responsibility of the Ansible administrator to make sure that the private key is stored in a safe location and can only be read by Ansible.
• Safeguard CA certificate file path (optional) - Full path to a CA certificate bundle for TLS verification of the SPP appliance. When provided, overrides the system CA store.
• Validate TLS certificates (optional) - Whether to validate TLS certificates (default: true). Set to false only for testing with self-signed certificates.
• Safeguard credential type to retrieve (optional) - Specify the credential type to retrieve from SPP. The options are password (default) or privatekey.

To fetch a credential from SPP, an A2A registration must have been created in SPP. For more information about how to create an A2A registration, please see the Safeguard for Privileged Passwords Administration Guide for your version of SPP (https://support.oneidentity.com/technical-documents).

Installation

The installation of the Safeguard Credential Type plugin must be done on the server that is running the Ansible Automation Platform web interface. The plugin can be installed by running the following commands:

> sudo awx-python -m pip install safeguardcredentialtype
> sudo awx-manage setup_managed_credential_types
> sudo automation-controller-service restart

Upgrading AWX / Ansible Automation Platform

After upgrading AWX or Ansible Automation Platform, the Python virtual environment may be recreated. If this happens, the Safeguard Credential Type plugin and its dependencies must be reinstalled:

> sudo awx-python -m pip install safeguardcredentialtype
> sudo awx-manage setup_managed_credential_types
> sudo automation-controller-service restart

If you see KeyError: 'spp_plugin' in the AWX logs after an upgrade, this indicates the plugin is not installed in the current Python environment. Running the commands above will resolve the issue.