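---
# Example playbook: obtain an OAuth 2.0 access token from Azure Entra ID with the
# Client Credentials flow on the control node, then run VCert on the target hosts
# with that token supplied through the TLSPC_EXTERNAL_JWT environment variable.
#
# Play 1 runs on localhost and registers the token response as `auth`.
# Play 2 runs on the application servers and reads that token via hostvars,
# because a variable registered on localhost is not visible to other hosts.
- name: Authenticate to Azure Entra ID's OAuth2.0 provider using Client Credentials Flow.
  hosts: localhost
  vars:
    # The value of these variables are specific to the Application that is being automated.
    # Each application or team should have a separate IDP application integration with separate credentials.
    # Reuse of the same IDP integration across the entire company is not advised due to the access
    # the Venafi service account will need to be given inside the TLSPC platform.
    #
    # Replace the placeholders; keep the values quoted so that IDs or secrets containing
    # YAML-special characters are still read as strings. Prefer sourcing the secret from
    # Ansible Vault or an environment lookup rather than committing it to the playbook.
    idp_token_url: '<Your Azure Entra ID Token URL with https://>'
    idp_client_id: '<Your Client ID>'
    idp_client_secret: '<Your Client Secret>'

  tasks:
    - name: Authenticate to Azure Entra ID
      ansible.builtin.uri:
        url: '{{ idp_token_url }}'
        method: POST
        body_format: form-urlencoded
        body:
          # Azure Entra ID's scope parameter can be .default to get the default scope and can be much more complicated if you want it to be.
          - [scope, 'certificates:request']
          - [client_id, '{{ idp_client_id }}']
          - [client_secret, '{{ idp_client_secret }}']
          - [grant_type, client_credentials]
        status_code: 200
      register: auth
      # The request body carries the client secret and the registered result carries the
      # access token; no_log keeps both out of verbose task output and log files.
      no_log: true

- name: Execute VCert Playbook on WebApp Servers
  # hosts: my_app_servers
  hosts: '<My inventory>'
  vars:
    # The fully qualified path to the Vcert Playbook file is stored here.
    # This should be the same for all hosts in the chosen inventory.
    vcert_playbook_path: '<Vcert Playbook Fully Qualified Path>'

  tasks:
    - name: Execute VCert playbook with JWT.
      # argv form runs vcert without a shell, so the playbook path is passed as a single
      # argument regardless of spaces or shell metacharacters in its value.
      ansible.builtin.command:
        argv:
          - vcert
          - run
          - --file
          - '{{ vcert_playbook_path }}'
      environment:
        # `auth` was registered on localhost in the first play; reach it through hostvars
        # so the token is available on every host of this play.
        TLSPC_EXTERNAL_JWT: "{{ hostvars['localhost'].auth.json.access_token }}"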