Osirium PAM: Static Vaults

Summary

This module contains actions for reading static vault information from PAM.

Supported Versions

This plugin supports PAM versions 6.5.0 & newer.

Remember

You must have a PAM Appliance provisioned as a Vault inside PPA to use this plugin.

Actions

pam.static_vaults.

display

Display static vaults in a table.

The table will have the following columns:

• Name
• Device Count

Minimum Plugin Version: 2.0.0

Input

• text: the title of the table

• static_vaults: any number of StaticVaults

Output

Nothing is outputted by this action.

Example

- pam.static_vaults.get_all:
    pam_address: pam.internal.net
  save: static_vaults

- pam.static_vaults.display:
    text: Static Vaults
  load:
    static_vaults: static_vaults

pam.static_vaults.

get_all

Get all static vaults from the PAM appliance.

Minimum Plugin Version: 1.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

Output

A list of StaticVaults.

Example

- pam.static_vaults.get_all:
    pam_address: pam.internal.net
  save: all_static_vaults

pam.static_vaults.

get_by_id

Get a static vault using its ID.

Minimum Plugin Version: 1.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

vault_id: the ID of the Static Vault

Output

A single StaticVault.

Example

- pam.static_vaults.get_by_id:
    pam_address: pam.internal.net
    vault_id: 2
  save: static_vault

pam.static_vaults.

get_by_name

Get a static vault using its name.

Minimum Plugin Version: 1.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

name: the name of the Static Vault

Output

A single StaticVault.

Example

- pam.static_vaults.get_by_name:
    pam_address: pam.internal.net
    name: Cloud Secrets
  save: static_vault

pam.static_vaults.

input_table

Display static vaults in a table & prompt the task operator to make a selection.

The table will have the following columns:

• Name
• Device Count

Deprecation Warning

This action will soon be deprecated in favour of select.

Minimum Plugin Version: 1.0.0

Input

• text: The title of the table

• static_vaults: any number of StaticVaults

• minimum: The minimum number of acceptable selections

• maximum: The maximum number of acceptable selections

Output

A list of StaticVaults.

Tip

• If neither a minimum or maximum is provided, the task operator will be able to submit 0 selections.

• If minimum or maximum are provided, the operation will repeat until the task operator makes a valid number of selections.

Example

- pam.static_vaults.get_all:
    pam_address: pam.internal.net
  save: static_vaults

- pam.static_vaults.input_table:
    text: Select a Static Vault
    minimum: 1
    maximum: 1
  load:
    static_vaults: static_vaults
  save: selected_static_vaults

pam.static_vaults.

output_table

Display static vaults in a table.

The table will have the following columns:

• Name
• Device Count

Deprecation Warning

This action will soon be deprecated in favour of display.

Minimum Plugin Version: 1.0.0

Input

• text: the title of the table

• static_vaults: any number of StaticVaults

Output

Nothing is outputted by this action.

Example

- pam.static_vaults.get_all:
    pam_address: pam.internal.net
  save: all_static_vaults

- pam.static_vaults.output_table:
    text: All Static Vaults
  load:
    static_vaults: all_static_vaults

pam.static_vaults.

reveal_account_by_name

Reveal a static vault account's secrets using the account name.

Minimum Plugin Version: 1.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

vault_id: the ID of the Static Vault

account_name: the name of the Static Vault account

Output

A single Secret.

Example

- pam.static_vaults.reveal_account_by_name:
    pam_address: pam.internal.net
    vault_id: 3
    account_name: api_key
  save: secret

pam.static_vaults.

search

Search for static vaults in the PAM appliance.

Minimum Plugin Version: 2.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

queries: a list of Queries to use in the search

Output

A SearchResult containing:

• total: the number of StaticVaults found

• all: a list of StaticVaults found

• first: the first StaticVault found

• last: the last StaticVault found

Search Result Format

The search result format was updated in version 2.0.0 of this plugin.

It is not compatible with playbooks written against previous versions.

See here for more information.

Example

Find all static vaults with 1 or more devices:

- pam.static_vaults.search:
    pam_address: pam.internal.net
    queries:
      - attribute: device_count
        query: greater_than
        value: 0
  save: search_results

Wildcard Queries

You can use the % character as a wildcard in the value of each query.

pam.static_vaults.

select

Display static vaults in a table & prompt the task operator to make a selection.

The table will have the following columns:

• Name
• Device Count

Minimum Plugin Version: 2.0.0

Input

• text: The title of the table

• static_vaults: any number of StaticVaults

• minimum: The minimum number of acceptable selections

• maximum: The maximum number of acceptable selections

Output

A Selection containing:

• total: the number of selected StaticVaults

• all: a list of selected StaticVaults

• first: the first selected StaticVault

Example

- pam.static_vaults.get_all:
    pam_address: pam.internal.net
  save: static_vaults

- pam.static_vaults.select:
    text: Select Static Vaults
  load:
    static_vaults: static_vaults
  save: selection

pam.static_vaults.

select_one

Display static vaults in a table & prompt the task operator to select one.

The table will have the following columns:

• Name
• Device Count

Minimum Plugin Version: 2.0.0

Input

• text: The title of the table

• static_vaults: any number of StaticVaults

Output

A single StaticVault.

Example

- pam.static_vaults.get_all:
    pam_address: pam.internal.net
  save: static_vaults

- pam.static_vaults.select_one:
    text: Select Static Vault
  load:
    static_vaults: static_vaults
  save: static_vault