Configuring the Delinea Platform
To configure the Delinea Platform for the integration with Ansible, you must complete the following steps in the specified order:
- Step 1: Create a service user in the Delinea Platform for this integration.
- Step 2: Create a secret in Secret Server on the Delinea Platform.
- Step 3: Generate an access token to properly authenticate with the Delinea Platform.
- (Optional) Step 4: Enable required entry of a comment before a secret can be retrieved to Ansible. The integration will automatically use a user-provided comment when retrieving a secret.
The following sections describe how to perform these tasks.
Step 1: Creating a Service User in the Delinea Platform
The Delinea Ansible collection requires a service user to authenticate with the Delinea Platform. If you don't have a service user, you can create one. For more information about creating a service user, see Service Users in the Delinea Platform documentation.
The service user's role in the Delinea Platform must have the View Launcher Password on Secrets and View Secret permissions. The following procedure describes how to create a role with these permissions and how to assign the role to the service user.
To create a role with the required permissions and assign it to the service user:
- In the Delinea Platform, navigate to Access > Roles.
- Select Add Role.
- In the New Role dialog, select Add New Custom Role, provide a name and an optional description for the new role, and select Save.
- Go to the Permissions tab for the role.
- Select Add Permissions and in the Add Permissions window, select View Launcher Password on Secrets and View Secret and select Assign.
  You can search for the permissions by using the search box at the top.
- Assign the role to the service user:
  - Navigate to Access > Users.
  - On the Users page, search for and select the service user.
  - On the user page, go to the Roles tab and select Assign Roles.
  - In the Assign Roles window, search for and select the role that you created and select Assign.
Step 2: Creating a Secret in the Delinea Platform
You must create a secret in Secret Server on the Delinea Platform to store the credentials that you want to retrieve for use within Ansible playbooks and automation tasks. You must also share the secret with the Delinea Platform service user that you use for this integration to enable the Delinea Ansible collection to retrieve the secret from Secret Server on the Delinea Platform. The following procedure describes how to create a secret and then share the secret with the service user.
To create a secret and share it with the service user:
- In the Delinea Platform, select Secret Server > All secrets.
- Select Create secret.
- In the Create new secret dialog, do the following:
  - (Optional) Change the default folder.
  - Make sure that the service user has the View permission for the folder.
  - Under Choose a secret template, select the template from which to create a secret.
    You can use any template that fits your needs.
  - Enter a name for the secret and the username and the password to store in the secret.
  - Provide values for the other secret fields according to the template.
- Share the secret with the service user:
  - Go to the Sharing tab of the secret's page.
  - Select Edit in the upper-right corner.
  - Clear Inherit permissions.
  - To find the service user, use the search box at the top.
  - Select the check box to the left of the service user name and then select View in the dropdown list under Secret Permissions.
  - Select Save.
Step 3: Generating a Delinea Platform Access Token
The Delinea Platform uses the OAuth 2.0 client credentials grant type to allow backend services to authenticate using their own credentials to access the Delinea Platform APIs. This method supports secure server-to-server communication without user interaction and is commonly used by background services or service accounts.
To generate and retrieve an access token to authenticate with the Delinea Platform, follow these steps in the Delinea Platform documentation (see the "Retrieving an Access Token Using the client_credentials Grant Type" section).
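The client credentials exchange described in Step 3, sketched in Python as an added example (not Delinea's code and not part of the Delinea Ansible collection). TOKEN_URL is a placeholder, the function and class names are hypothetical, and sending the credentials in the form body is an assumption; take the real endpoint and parameters from the Delinea Platform documentation.

```python
import json
import time
import urllib.error
import urllib.parse
import urllib.request
from dataclasses import dataclass, field

# Placeholder (assumption): use the token endpoint given in the Delinea Platform documentation.
TOKEN_URL = "https://TENANT.example.invalid/oauth2/token"

@dataclass
class AccessToken:
    value: str = field(repr=False)  # keep the bearer token out of logs and tracebacks
    expires_at: float

    def is_valid(self, skew=30.0):
        # Treat the token as expired slightly early so in-flight calls do not fail.
        return time.time() < self.expires_at - skew

def build_token_request(client_id, client_secret, url=TOKEN_URL, scope=None):
    """Build the RFC 6749 section 4.4.2 request; credentials go in the POST body, never the URL."""
    if not url.lower().startswith("https://"):
        raise ValueError("token endpoint must use HTTPS")
    form = {"grant_type": "client_credentials",
            "client_id": client_id, "client_secret": client_secret}
    if scope:
        form["scope"] = scope
    return urllib.request.Request(
        url, data=urllib.parse.urlencode(form).encode(), method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})

def parse_token_response(raw, now=None):
    """Validate the JSON token response (RFC 6749 sections 5.1 and 5.2) before use."""
    doc = json.loads(raw)
    if "error" in doc:
        raise PermissionError("token request rejected: %s" % doc["error"])
    if str(doc.get("token_type", "")).lower() != "bearer" or not doc.get("access_token"):
        raise ValueError("unexpected token response")
    issued = time.time() if now is None else now
    return AccessToken(doc["access_token"], issued + float(doc.get("expires_in", 0)))

def fetch_token(client_id, client_secret, url=TOKEN_URL):
    # Network call. A 4xx reply still carries the JSON error body, so parse it too.
    try:
        with urllib.request.urlopen(build_token_request(client_id, client_secret, url), timeout=10) as resp:
            raw = resp.read()
    except urllib.error.HTTPError as err:
        raw = err.read()
    return parse_token_response(raw)
```

Read the service user's client ID and secret from a protected source such as Ansible Vault or environment variables rather than hard-coding them in a playbook, and request a new token once is_valid() returns False.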
(Optional) Step 4: Configuring Auto Comment in the Delinea Platform
- Log in to Delinea Platform with admin credentials.
- Navigate to Secret Server > All secrets.
- Open the secret for which you want to require entry of a comment.
- Go to the Security tab.
- In the Other security section, select the pencil icon next to the Require comment option.
- Select the Require comment checkbox and select Save.