The Safeguard Credential Type plugin is a plugin that is installed and used by the AWX web interface to fetch credentials from Safeguard for Privileged Passwords (SPP). Once installed, a new credential type plugin will appear in the drop-own list Resources > Credentials > Create New Credential page. A Safeguard Credential type can be used to fetch a credential from SPP by configuring the following values:
- Safeguard Credential API key - The API key is generated by SPP when an A2A registration is created. The API key identifies a specific credential which can be fetched by a third-party application from SPP through the A2A interface.
- Safeguard Appliance IP or Host name - The IP address or host name of the SPP appliance.
- Safeguard client certificate file path - The full path to the user authentication certificate (PEM format).
- Safeguard client key file path - The full path to the user authentication private key (PEM format). NOTE: It is the responsibility of the Ansible administrator to make sure that the private key is stored in a safe location and can only be read by Ansible.
- Safeguard TLS certificate file path (optional) - The full path to the TLS public certificate that is associated with the SPP appliance. If this certificate path is not provided, the lookup plugin will disable TLS validation which may produce a warning.
- Safeguard credential type to retrieve (optional) - Specify the credential type to retrieve from SPP. The options are password (default) or privatekey.
To fetch a credential from SPP, an A2A registration must have been created in SPP. For more information about how to create an A2A registration, please see the Safeguard for Privileged Passwords Administration Guide for your version of SPP (https://support.oneidentity.com/technical-documents).
The installation of the Safeguard Credential Type plugin must be done on the server that is running the Ansible Automation Platform web interface. The plugin is available from the PyPI repository at https://pypi.org/project/safeguardcredentialtype/ and can be install by running the following commands:
> sudo awx-python -m pip install safeguardcredentialtype
> sudo awx-manage setup_managed_credential_types
> sudo automation-controller-service restart