Metadata-Version: 2.4
Name: safeguardcredentialtype
Version: 2.0.0
Summary: One Identity Safeguard Credential Type plugin for Ansible
Author-email: One Identity LLC <support@oneidentity.com>
Maintainer-email: One Identity LLC <support@oneidentity.com>
License-Expression: Apache-2.0
Project-URL: Homepage, http://oneidentity.com
Project-URL: Repository, https://github.com/OneIdentity/safeguard-ansible
Keywords: ansible,oneidentity
Requires-Python: >=3.10
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: pysafeguard<9,>=8
Dynamic: license-file

# Safeguard Credential Type plugin for Ansible

## What is the Safeguard Credential Type plugin?

The Safeguard Credential Type plugin is a plugin that is installed and used by the AWX web interface to fetch credentials from Safeguard for Privileged Passwords (SPP). Once installed, a new credential type plugin will appear in the drop-own list **Resources** > **Credentials** > **Create New Credential** page. A Safeguard Credential type can be used to fetch a credential from SPP by configuring the following values:

![SafeguardCredentialTypePlugin](Images/CredentialTypePlugin.PNG)

* **Safeguard Credential API key** - The API key is generated by SPP when an A2A registration is created. The API key identifies a specific credential which can be fetched by a third-party application from SPP through the A2A interface.
* **Safeguard Appliance IP or Host name** - The IP address or host name of the SPP appliance.
* **Safeguard client certificate file path** - The full path to the user authentication certificate (PEM format).
* **Safeguard client key file path** - The full path to the user authentication private key (PEM format). NOTE: It is the responsibility of the Ansible administrator to make sure that the private key is stored in a safe location and can only be read by Ansible.
* **Safeguard CA certificate file path** (optional) - Full path to a CA certificate bundle for TLS verification of the SPP appliance. When provided, overrides the system CA store.
* **Validate TLS certificates** (optional) - Whether to validate TLS certificates (default: **true**). Set to **false** only for testing with self-signed certificates.
* **Safeguard credential type to retrieve** (optional) - Specify the credential type to retrieve from SPP. The options are **password** (default) or **privatekey**.

To fetch a credential from SPP, an A2A registration must have been created in SPP. For more information about how to create an A2A registration, please see the Safeguard for Privileged Passwords Administration Guide for your version of SPP (<https://support.oneidentity.com/technical-documents>).

## Installation

The installation of the Safeguard Credential Type plugin must be done on the server that is running the Ansible Automation Platform web interface. The plugin can be installed by running the following commands:

```text
> sudo awx-python -m pip install safeguardcredentialtype
> sudo awx-manage setup_managed_credential_types
> sudo automation-controller-service restart
```
