Symantec Privileged Access Management

I was wondering if anyone has successfully been able to connect CA PAM and Ansible where Ansible is able to pull passwords it requires in its playbook from CA PAM instead of using static passwords that someone puts in once.

Our DEV team has used the A2A feature in PAM to access the vault and inject credentials into playbooks.

------------------------------
Senior Info Security Analyst
United Parcel Service
------------------------------

Original Message:
Sent: 05-13-2021 09:42 AM
From: EMILY Mixon
Subject: Ansible Custom Connector Creation or A2A

I was wondering if anyone has successfully been able to connect CA PAM and Ansible where Ansible is able to pull passwords it requires in its playbook from CA PAM instead of using static passwords that someone puts in once.

I have some sample code that I can share.  I created for 2 use cases.
Lookup Plugin:   To be used in Ansible to lookup password using A2A agents.
Connection Plugin: It is  a modified ssh connection where before connection setup it will get private key from PAM and then use the private key to access target host.  This is meant to manage all ssh keys in PAM.
Original Message:
Sent: 05-13-2021 09:42 AM
From: EMILY Mixon
Subject: Ansible Custom Connector Creation or A2A

I was wondering if anyone has successfully been able to connect CA PAM and Ansible where Ansible is able to pull passwords it requires in its playbook from CA PAM instead of using static passwords that someone puts in once.

Hi Kannan,

We are looking to set up connection with ansible as well, could you please share the configuration you have done if possible.

Thanks
Original Message:
Sent: Jul 07, 2021 07:52 PM
From: Kannan Chairman
Subject: Ansible Custom Connector Creation or A2A

I have some sample code that I can share.  I created for 2 use cases.
Lookup Plugin:   To be used in Ansible to lookup password using A2A agents.
Connection Plugin: It is  a modified ssh connection where before connection setup it will get private key from PAM and then use the private key to access target host.  This is meant to manage all ssh keys in PAM.
Original Message:
Sent: 05-13-2021 09:42 AM
From: EMILY Mixon
Subject: Ansible Custom Connector Creation or A2A

I was wondering if anyone has successfully been able to connect CA PAM and Ansible where Ansible is able to pull passwords it requires in its playbook from CA PAM instead of using static passwords that someone puts in once.

See the attached PDF. Let me know if you need any help.
Original Message:
Sent: Mar 20, 2022 11:39 AM
From: Haroon Hanif
Subject: Ansible Custom Connector Creation or A2A

Hi Kannan,

We are looking to set up connection with ansible as well, could you please share the configuration you have done if possible.

Thanks
Original Message:
Sent: Jul 07, 2021 07:52 PM
From: Kannan Chairman
Subject: Ansible Custom Connector Creation or A2A

I have some sample code that I can share.  I created for 2 use cases.
Lookup Plugin:   To be used in Ansible to lookup password using A2A agents.
Connection Plugin: It is  a modified ssh connection where before connection setup it will get private key from PAM and then use the private key to access target host.  This is meant to manage all ssh keys in PAM.
Original Message:
Sent: 05-13-2021 09:42 AM
From: EMILY Mixon
Subject: Ansible Custom Connector Creation or A2A

I was wondering if anyone has successfully been able to connect CA PAM and Ansible where Ansible is able to pull passwords it requires in its playbook from CA PAM instead of using static passwords that someone puts in once.