CyberArk & Red Hat Ansible Tower - Integrating w/ Tower Out of the Box



In this video, I will show you how to integrate Red Hat Ansible Tower v3.5.1 or above with CyberArk’s AAM Central Credential Provider (CCP) and Conjur Enterprise & Open Source. I will go over how to set up Ansible Tower’s access in both solutions, how to extend Role-Based Access Controls into Ansible Tower for Segregation of Duties between teams, and how to extend that into CyberArk’s products.

Playbooks Used: https://github.com/infamousjoeg/ansible-tower-playbooks
CyberArk: https://cyberark.com
Conjur: https://conjur.org
Red Hat Ansible: https://www.redhat.com/en/technologies/management/ansible/try-it

8 thoughts on “CyberArk & Red Hat Ansible Tower – Integrating w/ Tower Out of the Box”
  1. Hi Joe

    I am not able to manage a Windows service. The password for the account is getting changed, but for the service it is not working. Can you help me?

  2. It was a nice demo, Joe. I have a query: if CCP & DAP both have the ability to secure the secrets, then in which area can we distinguish them? Can we use only CCP for Ansible integration to securely retrieve the password, or do you think there is any other use case that only DAP fits for Ansible to retrieve the secrets? Please suggest.

  3. Hi Joe, I would really like to see a video about setting up Client Auth Certs for CCP as you talked about here.

  4. Hi Joe. Excellent presentation, and I am sure it will be very useful. I have a couple of queries:

    1) Is it possible to configure access to AIM CCP from Ansible Tower through multiple jump servers if direct connectivity from Ansible Tower to the AIM CCP URL is not allowed, and if yes, then how to do it?
    2) How to set up client certification authentication in Ansible Tower as a part of the CyberArk credential config?

  5. This was very helpful Joe, thank you! I have a question though, we are using CCP and we were able to test it out just fine with one host in inventory for a template. Now we have multiple (2) hosts in inventory which is selected for a specific template but it fails because of the "Object Query" selected to be "Exact" with the fields of Safe=SAFENAME;Object=Objectname@IP is selective for one host in the inventory list and not the other host. I was reading documentation that this can change to be dynamic by changing the format from "Exact" to "Regexp"? I think this is what we are looking at where object name can dynamically be updated which will help limit the amount of credentials folks need to make. Do you have any info on this?

  6. Thank you, Joe, for the uploaded video. Is there a way to retrieve data from CyberArk PVWA to Microsoft Excel via REST API?
