How-to Guides

This index is the routing point for the how-to section.

| Page | Outcome |
|---|---|
| Use IdM as live Ansible inventory | Target automation from IdM host and policy state. |
| Retrieve an IdM vault secret | Retrieve vault material safely for Ansible or AAP. |
| Manage IdM vault lifecycle | Create, update, archive, or delete IdM vaults. |
| Query principal state | Preflight users, hosts, and service principals. |
| Retrieve a keytab | Retrieve existing keytabs without rotation. |
| Rotate a keytab explicitly | Rotate keytabs with explicit confirmation and evidence. |
| Request an IdM certificate | Request certificates from CSRs and keep private keys outside the module. |
| Issue an OTP or host enrollment password | Issue user OTP tokens or host enrollment passwords. |
| Inspect DNS state | Inspect forward, reverse, zone-apex, and broad DNS records. |
| Test HBAC access | Use live HBAC test results as an automation gate. |
| Inspect sudo policy | Inspect sudo rules, commands, and command groups. |
| Inspect SELinux map scope | Inspect SELinux user maps and linked HBAC scope. |
| Open a temporary access window | Set, expire, or clear temporary user access boundaries. |
| Render OpenShift identity evidence | Render and validate OpenShift identity evidence without mutating the cluster. |
| Render a Kubernetes Secret from an IdM vault | Render review-first Kubernetes Secret manifests. |
| Render Kubernetes TLS from an IdM certificate | Render review-first TLS Secret manifests. |
| Render a keytab Secret | Render review-first keytab Secret manifests. |
| Build a disconnected AAP execution environment | Build the execution environment for disconnected use. |
| Generate operational evidence | Generate readiness, certificate, keytab, temporary access, and drift reports. |
| Migrate side-effecting lookups | Move keytab and certificate side-effecting flows to explicit modules. |