Ansible Integration

Secure Ansible automation with dynamic inventory, certificate-based SSH authentication, and comprehensive playbook execution audit trails.

Features

Secure Ansible Automation

Eliminate static SSH keys and gain comprehensive visibility into your Ansible automation workflows.

Dynamic Inventory

Automatically sync TigerAccess nodes as Ansible inventory with real-time updates and group management.

SSH Credential Injection

Seamlessly inject short-lived SSH certificates into Ansible playbooks without storing credentials.

Playbook Access Control

Enforce RBAC for playbook execution with just-in-time access and comprehensive audit trails.

AWX/Tower Integration

Integrate with Ansible AWX and Tower for centralized automation with TigerAccess authentication.

Capabilities

Enterprise Ansible Management

Dynamic inventory sync
SSH certificate injection
Playbook execution logs
Role-based playbook access
AWX/Tower SSO integration
Ansible Vault compatibility
Custom group mappings
Real-time inventory updates
Session recording
Variable injection
Collection support
Multi-environment support

Setup

Get Started in Minutes

Follow these simple steps to integrate TigerAccess with your Ansible automation.

1. Configure Dynamic Inventory

Set up the TigerAccess dynamic inventory script to automatically fetch your infrastructure nodes.

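#!/usr/bin/env python3
# tigeraccess_inventory.py
# Ansible dynamic inventory script: lists TigerAccess nodes via `tac ls`.

import json
import subprocess
import sys

# Ansible calls inventory scripts with --list or --host <name>. All host
# variables are returned under _meta, so --host has nothing to add.
if '--host' in sys.argv:
    print(json.dumps({}))
    sys.exit(0)

# Fetch nodes from TigerAccess; stop with an error if tac fails or
# returns something that is not JSON
try:
    result = subprocess.run(
        ['tac', 'ls', '--format=json'],
        capture_output=True,
        text=True,
        check=True
    )
    nodes = json.loads(result.stdout)
except (OSError, subprocess.CalledProcessError, json.JSONDecodeError) as exc:
    sys.exit(f'tigeraccess_inventory: cannot fetch nodes: {exc}')

# Build Ansible inventory
inventory = {
    '_meta': {'hostvars': {}},
    'all': {'children': ['tigeraccess']},
    'tigeraccess': {'hosts': []}
}

for node in nodes:
    hostname = node['hostname']
    inventory['tigeraccess']['hosts'].append(hostname)
    # Per-host connection settings; every connection goes through the proxy
    inventory['_meta']['hostvars'][hostname] = {
        'ansible_host': node['addr'],
        'ansible_user': node['user'],
        'ansible_ssh_common_args': '-o ProxyCommand="tac proxy %h:%p"'
    }

print(json.dumps(inventory, indent=2))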
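
The `hostname`, `addr` and `user` values returned by `tac ls` become ssh arguments and feed the `%h` expansion in the ProxyCommand, so an inventory script can validate each record before it reaches hostvars. The following is an added example, not TigerAccess code; the name and user patterns, the duplicate-name rule and the sample records are assumptions.

```python
import ipaddress
import json
import re

# Assumed policy: DNS-style host names and POSIX-style login names.
LABEL = r'[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
HOSTNAME_RE = re.compile(rf'{LABEL}(?:\.{LABEL})*')
USER_RE = re.compile(r'[a-z_][a-z0-9_-]{0,31}')
PROXY_ARGS = '-o ProxyCommand="tac proxy %h:%p"'

def is_hostname(value):
    return (isinstance(value, str) and len(value) <= 253
            and HOSTNAME_RE.fullmatch(value) is not None)

def is_addr(value):
    """Accept an IP literal or a host name, nothing else."""
    try:
        return isinstance(value, str) and bool(ipaddress.ip_address(value))
    except ValueError:
        return is_hostname(value)

def build_inventory(nodes):
    """Return (inventory, rejected_records) for a list of node records."""
    hostvars, rejected = {}, []
    for node in nodes:
        rec = node if isinstance(node, dict) else {}
        name, addr, user = (rec.get(k) for k in ('hostname', 'addr', 'user'))
        if (is_hostname(name) and name not in hostvars and is_addr(addr)
                and isinstance(user, str) and USER_RE.fullmatch(user)):
            hostvars[name] = {'ansible_host': addr, 'ansible_user': user,
                              'ansible_ssh_common_args': PROXY_ARGS}
        else:
            rejected.append(node)  # never emitted; report it instead
    inventory = {'_meta': {'hostvars': hostvars},
                 'all': {'children': ['tigeraccess']},
                 'tigeraccess': {'hosts': list(hostvars)}}
    return inventory, rejected

# Constructed sample records using the three fields the script above reads.
SAMPLE = [
    {'hostname': 'web-01', 'addr': '10.0.1.15', 'user': 'deploy'},
    {'hostname': 'db-01', 'addr': 'db-01.internal', 'user': 'postgres'},
    {'hostname': '-web-02', 'addr': '10.0.1.16', 'user': 'deploy'},
    {'hostname': 'cache-01', 'addr': '10.0.1.17 extra', 'user': 'deploy'},
    {'hostname': 'web-01', 'addr': '10.0.9.9', 'user': 'root'},
]

if __name__ == '__main__':
    print(json.dumps(build_inventory(SAMPLE), indent=2))
```

The last three sample records are rejected for a leading `-`, embedded whitespace and a duplicate host name respectively.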

2. Configure Ansible

Update your ansible.cfg to use TigerAccess for SSH connections and dynamic inventory.

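[defaults]
inventory = ./tigeraccess_inventory.py
# With this setting Ansible does not verify target host keys itself
host_key_checking = False
timeout = 30

[ssh_connection]
# Use TigerAccess SSH certificates
ssh_args = -o ProxyCommand="tac proxy %h:%p"
pipelining = True
# Control sockets are created under /tmp, which all local users share
control_path = /tmp/ansible-ssh-%%h-%%p-%%r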
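
Two settings in this ansible.cfg deserve a review before it goes into a shared repository: host key checking is off, and control sockets live in `/tmp`. The following added example (not TigerAccess or Ansible code) audits an ansible.cfg for those settings; the stricter variant is an assumption, and whether host key checking can be enabled with the TigerAccess proxy is not stated on this page.

```python
import configparser

FALSEY = {'false', 'no', 'off', '0', 'f', 'n'}
SHARED_DIRS = ('/tmp/', '/var/tmp/', '/dev/shm/')
WEAK_SSH_OPTS = ('stricthostkeychecking=no', 'userknownhostsfile=/dev/null')

def audit_ansible_cfg(text):
    """Return (section, key, reason) findings for the text of an ansible.cfg."""
    cfg = configparser.ConfigParser(interpolation=None)  # leave % untouched
    cfg.read_string(text)
    found = []
    hkc = cfg.get('defaults', 'host_key_checking', fallback='true')
    if hkc.strip().lower() in FALSEY:
        found.append(('defaults', 'host_key_checking',
                      'Ansible will not verify target host keys'))
    for key in ('control_path', 'control_path_dir'):
        if cfg.get('ssh_connection', key, fallback='').startswith(SHARED_DIRS):
            found.append(('ssh_connection', key,
                          'control sockets in a directory shared by all users'))
    for key in ('ssh_args', 'ssh_common_args', 'ssh_extra_args'):
        args = cfg.get('ssh_connection', key, fallback='').lower()
        found += [('ssh_connection', key, f'{opt} weakens host verification')
                  for opt in WEAK_SSH_OPTS if opt in args]
    return found

# The ansible.cfg shown on this page, comment lines omitted.
PAGE_CFG = '''
[defaults]
inventory = ./tigeraccess_inventory.py
host_key_checking = False
timeout = 30
[ssh_connection]
ssh_args = -o ProxyCommand="tac proxy %h:%p"
pipelining = True
control_path = /tmp/ansible-ssh-%%h-%%p-%%r
'''

# Assumed stricter variant (not from the page): checking on, per-user socket dir.
STRICT_CFG = '''
[defaults]
host_key_checking = True
[ssh_connection]
ssh_args = -o ProxyCommand="tac proxy %h:%p"
control_path_dir = ~/.ansible/cp
'''

if __name__ == '__main__':
    for finding in audit_ansible_cfg(PAGE_CFG):
        print(': '.join(finding))
```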

3. Execute Playbooks

Run Ansible playbooks with TigerAccess authentication. No SSH keys required.

# Login to TigerAccess
tac login --user=devops

# Verify inventory
ansible-inventory --list

# Run playbook
ansible-playbook site.yml

# Run with just-in-time access request
tac request create --roles=ansible-admin --reason="Deploy v2.1.0"
ansible-playbook deploy.yml

4. AWX/Tower Integration

Configure AWX/Tower to use TigerAccess for authentication and credential management.

# Add TigerAccess as credential type in AWX
tacctl integrations add awx \
  --url=https://awx.example.com \
  --auth-type=oidc \
  --inventory-sync=true \
  --credential-injection=true

# Configure OIDC in AWX settings
SOCIAL_AUTH_OIDC_ENDPOINT = "https://tigeraccess.example.com"
SOCIAL_AUTH_OIDC_KEY = "awx-client-id"
SOCIAL_AUTH_OIDC_SECRET = "***"

Use Cases

Real-World Ansible Scenarios

Zero-Trust Automation

Execute Ansible playbooks without storing SSH keys. TigerAccess issues short-lived certificates on demand, ensuring zero standing credentials in your automation workflows.

Auditable Configuration Management

Track every playbook execution with comprehensive audit logs showing who ran what, when, and why. Perfect for compliance requirements in regulated industries.

Multi-Environment Orchestration

Manage access to dev, staging, and production environments with different approval workflows. Prevent unauthorized playbook execution in sensitive environments.

Team Collaboration

Enable DevOps teams to collaborate safely with role-based access to playbooks and hosts. Integrate with AWX/Tower for centralized automation control.

FAQ

Frequently Asked Questions

How does TigerAccess inject SSH credentials into Ansible?

TigerAccess uses SSH ProxyCommand to transparently handle authentication. When Ansible attempts to connect to a host, the connection is routed through the TigerAccess proxy, which injects short-lived SSH certificates. No changes to your playbooks are required.

Can I use Ansible Vault with TigerAccess?

Yes. TigerAccess is fully compatible with Ansible Vault. You can continue using Vault for encrypting sensitive variables while TigerAccess handles SSH authentication and access control.

Does the dynamic inventory update in real-time?

The dynamic inventory script fetches the latest nodes from TigerAccess each time it runs. For AWX/Tower, you can configure automatic inventory sync on a schedule (every 5 minutes, hourly, etc.) or trigger updates via webhook.

How do I control which users can run specific playbooks?

Use TigerAccess RBAC to define roles with specific permissions. For example, create a "deploy-production" role that grants access to production hosts only during approved maintenance windows. Integrate with AWX/Tower for playbook-level access control.

Can I use TigerAccess with Ansible Collections?

Yes. TigerAccess works seamlessly with Ansible Collections. The SSH credential injection happens at the transport layer, so all Ansible features including Collections, custom modules, and plugins are fully supported.

What gets recorded in audit logs?

TigerAccess records all SSH sessions initiated by Ansible, including the user who triggered the playbook, which hosts were accessed, commands executed, and the full session output. For AWX/Tower integrations, playbook job metadata is also captured.
