Skip to content

Credentials

Credentials are utilized for authentication when launching Jobs against machines, synchronizing with inventory sources, and importing project content from a version control system.

You can grant users and teams the ability to use these credentials, without actually exposing the credential to the user.

Custom Credentials

Although a growing number of credential types are already available, it is possible to define additional custom credential types that works in ways similar to existing ones.
For example, you could create a custom credential type that injects an API token for a third-party web service into an environment variable, which your playbook or custom inventory script could consume.

For example, to provide login credentials for plugins and modules of the Dell EMC OpenManage Enterprise Collection you need to create a custom credential, as no existing credentials type is available.
You can set the environment variables OME_USERNAME and OME_PASSWORD by creating a new AAP credentials type.

In the left navigation bar, choose Credential Types and click Add, besides the name you need to fill two fields:

Configuration Description
Input Which input fields you will make available when creating a credential of this type.
Injector What your credential type will provide to the playbook
Input Configuration
fields:
  - type: string
    id: username
    label: Username
  - type: string
    id: password
    label: Password
    secret: true
required:
  - username
  - password
Injector Configuration
env:
  OME_USERNAME: "{{ username }}"
  OME_PASSWORD: "{{ password }}"

Warning

You are responsible for avoiding collisions in the extra_vars, env, and file namespaces. Also, avoid environment variable or extra variable names that start with ANSIBLE_ because they are reserved.

Save your credential type, create a new credential of this type and attach it to the Job template with the playbook targeting the OpenManage Enterprise API.

An example task may look like this:

- name: Retrieve basic inventory of all devices
  dellemc.openmanage.ome_device_info:
    hostname: "{{ ansible_host }}"
    username: "{{ lookup('env', 'OME_USERNAME') }}"
    password: "{{ lookup('env', 'OME_PASSWORD') }}"

Tip

Depending on the module used, you may leave out the username and password key, environment variables are evaluated first. Take a look at the module documentation if this is possible, otherwise use the lookup plugin as shown above.

Additional information can be found in the Ansible documentation.

Automation and templating

Creating a custom credential with a playbook can be tricky as you need to provide the special, reserved curly braces character as part of the Injector Configuration.
During the playbook run, Ansible will try to template the values which will fail as they are undefined (and you want the literal string representation anyway). Therefore, prefix the values with !unsafe to prevent templating the values.

- name: Create custom Credential type for DELL OME
  awx.awx.credential_type:
    name: Dell EMC OpenManage Enterprise
    description: Sets environment variables for logging in to OpenManage Enterprise
    inputs:
      fields:
        - id: username
          type: string
          label: Username
        - id: password
          type: string
          label: Password
          secret: true
      required:
        - username
        - password
    injectors:
      env:
        OME_PASSWORD: !unsafe "{{ password }}"
        OME_USERNAME: !unsafe "{{ username }}"

Take a look at Disable variable templating for additional information.