I had a requirement where the customer did not want the Ansible password to be visible to the end user. Out of the box, Cloud Assembly inserts the password as plain text and there is no way to conceal it. It is a required field so either it has to be hard-coded or inserted as a user input. To get around this, I created a input in the Blueprint for the user to insert the password.

    type: Cloud.Ansible
      host: '${resource.Cloud_vSphere_Machine_1.*}'
      osType: windows
      account: ansible
      username: Administrator
      password: '${input.ansiblePassword}'

In vRO, under Assets > Configurations, I created a new configuration which had the variable password with the value as the ansible user’s password. The value was stored as SecureString.

Next, I created a vRO action that retrieves the password from the configuration element.

var configurationElementCategory = Server.getConfigurationElementCategoryWithPath(path);
for each(var element in configurationElementCategory.allConfigurationElements){

	if (element.name == configElement) {
		for each (var attribute in element.attributes){
			if (attribute.name == attributeName){
				return (element.getAttributeWithKey(attributeName).value);

The action takes path, attributeName and configElement as the input. Next go to Service Broker and import your Blueprint. Once you see it under Content, select Customize form. Select the field for Ansible password and on the right side menu, click the tab Values. Select External Source for the Default Value and select your action that you created above. You will be able to insert the values of the inputs of your action like shown below. You can also make the ansible password field hidden to the end user under Appearance tab.

Once this is saved, the ansible password field should get the value auto populated when the user requests the catalog item.

Thanks for reading …


Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *