How to Integrate Conjur OSS with Ansible Tower

Hi All,
I installed Conjur OSS, and able to add and test the Credential (CyberArk Conjur Secret Lookup) in Ansible Tower.

From CLI:

[root@rhat-dr-thai conjur-quickstart]# docker-compose exec client conjur list
> “myConjurAccount:variable:vcenter/vcenter1/host”,
> “myConjurAccount:variable:vcenter/vcenter1/user”,
> “myConjurAccount:variable:vcenter/vcenter1/pass”,

However, I have requirement to lookup vcenter/vcenter1/* info from vmware_guest module.
Ansible Playbook Task:

- name: Clone the template
    hostname: "{{ vcenter_hostname }}"
    username: "{{ vcenter_username }}"
    password: "{{ vcenter_password }}"
  delegate_to: localhost

I’m still not sure whether cyberark.conjur-lookup-plugin or cyberark.conjur-host-identity I can use, and also how to utilize it.

Really appreciate if you could share your thoughts on this.

Kind Regards,

Hey @asjarbin ,

Is there a requirement for you to use the lookup plugin? We have another integration that’s built into tower (doesn’t use a lookup plugin) that’s outlined here:

It will work with both OSS and Enterprise versions of Conjur.



Hi Darren,
At the end, I’m using cyberark.conjur-lookup-plugin, and able to retrieve the secrets.

I’m wondering if it works with vmware_guest module which in this case will be executed by Tower (delegate_to: localhost). However, I’ll give it a try too.

Kind Regards,