Within playbooks you occasionally connect to external applications or services, in my case Zabbix and ServiceNow. Because I also need login details and do not want to leave this plain text in playbooks, I use a 'Custom Credentials Type'. The advantage of this is that I can use the login details within a playbook (as a macro) and they are stored encrypted in Ansible Tower.
I first create a new credential type by defining the fields it will have and how these will be passed to my playbook. Credential types consist of two parts – “inputs” and “injectors“.
- Inputs:
define the value types that are used for this credential – such as a username, a password, a token, or any other identifier that’s part of the credential. - Injectors:
describe how these credentials are exposed for Ansible (or us) to use – this can be Ansible extra variables, environment variables, or templated file content.
Both these configurations are specified as YAML or as JSON. In my case, the new credential type is called "ServiceNow" and i’m providing the instance, username and password as part of this credential type:
fields:
- id: instance
type: string
label: ServiceNow Instance
- id: username
type: string
label: ServiceNow Username
- id: password
type: string
label: ServiceNow password
secret: true
required:
- instance
- username
- password
Then in the Injector configuration:
extra_vars:
snow_instance: '{{ instance }}'
snow_password: '{{ password }}'
snow_username: '{{ username }}'
Now go to Credentials and add a new one, selecting "ServiceNow" as Credential Type:
Thats it! When you link this credential to your host, or playbook, you can use this credentials from within your playbook!