I have Conjur 12.5.1 with Ansible 2.9 for integration. I was able to create ansible host in Conjur using the role playbook. When I try to retrieve the secret using the lookup plugin, I get the following error message. I check all the passed parameters such as url, user (host%2Flocalhost), api key and certificate; they are all valid. I can retrieve the secret using curl using the same parameters. I appreciate any help!
fatal: [localhost]: FAILED! => {
“msg”: “An unhandled exception occurred while running the lookup plugin ‘cyberark.conjur.conjur_variable’. Error was a <class ‘binascii.Error’>, original message: Incorrect padding”
}
I have the same issue before, please check your file /etc/conjur.pem and check your certificate if the end of certificate is not have “=” then it will be failed like that.
My solution is delete the certificate that not contain “=” and replace only using CA certificate because my CA certificate have “=” behind the certificate.
That fixes my issue, thank you so much for pointing that out! So it seems that the current Ansible integration does not support self-signed certificate at least the ‘cyberark.conjur.conjur_variable’ plugin. The ‘cyberark.conjur.conjur-host-identity’ role works though. Kudos to Chandra, thanks again!