
Description

CyberArk Application Identity Manager, part of the CyberArk Privileged Account Security Solution, enables organizations to protect critical business systems by eliminating hard-coded credentials from application scripts, configuration files, and software code and removing SSH keys from servers where they are used by applications and scripts. Application Identity Manager offers agent and agentless deployment options to best meet the security and availability requirements of various business applications. The product is built on the CyberArk Shared Technology Platform, delivering scalability, high availability, and centralized management and reporting.

Quick Info

Product: HCL DevOps Deploy (HCL Launch)
Type: plugin
Compatibility: HCL Launch version 7.3.2.8 and later, HCL Deploy version 8.0.1.3 and later
Created by: CyberArk

Installation

See Installing plugins in HCL Deploy for instructions on installing and removing plugins. 

History

| Version | Description |
| --- | --- |
| 4 | Fixed CVE-2019-4233. |
| 3 | Created an SSL Context for sending client certificates to the CyberArk server. |
| 2 | Added hidden SSL configuration properties. |
| 1 | Initial release of the CyberArk plugin. |

The CyberArk plug-in password retrieval steps generate secure process request properties accessible only by the currently running process. In subsequent steps, you can access these properties using the following syntax: 

${p:CyberArk/password}, ${p:CyberArk/username}, and ${p:CyberArk/address}

CyberArk Authentication

The CyberArk server determines how applications will be authenticated to access objects. Applications may be authenticated via Windows username, allowed hostnames, and client certificates. The Get Password from CCP (Web Service) step allows for authentication via client certificate. 

The Keystore File, Keystore Password, and Keystore Type step fields allow you to set an SSL context to request password objects from CyberArk. The certificates in the referenced keystore will be passed with the request. The CyberArk server must trust the client certificate in its truststore and reference the serial number of the certificate to authenticate with. 

CyberArk - Process Steps

Authenticate Conjur

Authenticate to Conjur using an API key to get a short-lived access token.

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| API Key | String | API Key | Yes |
| Account | String | Organization account name | Yes |
| Api Version | Enumeration | The version of the API. Valid values are v4 and v5. | Yes |
| Conjur URL | String | URL of Conjur, e.g. https://eval.conjur.org | Yes |
| Login | String | The login name of the client. For users, it's the user ID. For hosts, the login name is host/host-id. | Yes |
| Output Property Access Token | String | Process Request Property for storing the retrieved access token | Yes |
| Proxy | String | Proxy; leave it blank if no proxy is needed | No |

Get Password from CCP (Web Service)

Retrieve a password from CyberArk AIM Central Credential Provider via an HTTP request.

The Central Credential Provider is installed remote to the agent on a central IIS server. This step will set the prefix/username, /address, and /password properties at either the component process request level or the generic process request level.

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| Application ID | String | The unique ID of the application issuing the password request. | Yes |
| Folder | String | The name of the folder where the password is stored. | No |
| Keystore File | String | The path to the agent machine's keystore file. This is required when the CyberArk server authenticates applications using client certificates. | No |
| Keystore Password | Password | The password of the agent machine's keystore. | No |
| Keystore Type | String | The type of keystore on the agent machine. | No |
| Object Name | String | The name of the password object to retrieve. | No |
| Process Property Prefix | String | The value to be prepended to each process request property that is created by this step. You may address these properties in subsequent steps with the syntax: ${p:/password} for instance. | Yes |
| SSL/TLS Debug Level | String | Specify a debug level to set the javax.net.debug system property. A level of all will log everything. You can specify narrower logging levels with other values. For instance, ssl:handshake will only log information regarding handshakes between the client and server. | No |
| Safe | String | The name of the safe where the password is stored. | No |
| Server URL | String | The URL of your CyberArk server. This property should be specified in the format . | Yes |
| Trust Invalid Certificates | Boolean | Check this box to trust all SSL certificates on the agent machine. This will trust any certificate returned from the CyberArk server during connection. | No |
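
A pre-flight check over this step's fields, as an added example (not the plugin's code): it flags a Server URL that is not HTTPS, the Trust Invalid Certificates box, and javax.net.debug levels that write decrypted traffic to the process output. The function name and the configuration values (URL, application ID, keystore path) are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# javax.net.debug options that dump decrypted record contents
PLAINTEXT_OPTIONS = {"all", "plaintext"}


def audit_ccp_step(cfg):
    """Return (severity, message) findings for one step configuration dict."""
    findings = []
    if urlsplit(cfg.get("Server URL") or "").scheme.lower() != "https":
        findings.append(("high", "Server URL is not https: the password "
                                 "is returned over a cleartext connection"))
    if cfg.get("Trust Invalid Certificates"):
        findings.append(("high", "Trust Invalid Certificates is checked: any "
                                 "certificate is accepted, so the CyberArk "
                                 "server's identity is not verified"))
    # javax.net.debug options are separated by ':' or ',' (e.g. ssl:handshake).
    raw = (cfg.get("SSL/TLS Debug Level") or "").lower()
    options = set(filter(None, re.split(r"[:,\s]+", raw)))
    if options & PLAINTEXT_OPTIONS:
        findings.append(("high", "SSL/TLS Debug Level dumps decrypted traffic, "
                                 "including the retrieved password, into the "
                                 "process output"))
    elif options:
        findings.append(("info", "SSL/TLS debugging is enabled: clear the "
                                 "field once troubleshooting is finished"))
    return findings


# Constructed configurations; field names are the step fields listed above.
WEAK = {
    "Server URL": "https://ccp.example.internal",
    "Application ID": "DeployApp",
    "Keystore File": "/opt/agent/conf/client.p12",
    "Keystore Type": "PKCS12",
    "Trust Invalid Certificates": True,
    "SSL/TLS Debug Level": "all",
}
HARDENED = {**WEAK, "Trust Invalid Certificates": False, "SSL/TLS Debug Level": ""}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_ccp_step(cfg))
```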

Get Password from CP (CLI Utility)

Retrieve a password from CyberArk AIM Credential Provider via the clipasswordsdk command line utility on the agent machine. This step will set the CyberArk/username, CyberArk/address, and CyberArk/password properties at either the component process request level or the generic process request level.

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| AppID | String | AppID configured in CyberArk PVWA | Yes |
| Folder | String | Folder name | Yes |
| Object | String | Object name of the credential | Yes |
| Output Property Address | String | Process Request Property for storing the retrieved address | No |
| Output Property Password | String | Process Request Property for storing the retrieved password | Yes |
| Output Property User Name | String | Process Request Property for storing the retrieved user name | No |
| Path | String | Full path to clipasswordsdk, e.g. /opt/CARKaim/sdk/clipasswordsdk | Yes |
| Safe | String | Safe name | Yes |

Get Variable from Conjur

Get Variable from Conjur

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| Access Token | String | Access Token | Yes |
| Account | String | Organization account name | No |
| Api Version | Enumeration (v4, v5) | Api Version | Yes |
| Conjur URL | String | URL of Conjur, e.g. https://eval.conjur.org | Yes |
| Output Property Variable | String | Process Request Property for storing the retrieved variable | Yes |
| Proxy | String | Proxy; leave it blank if no proxy is needed | No |
| Variable ID | String | Variable ID | Yes |
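
The two Conjur steps (Authenticate Conjur, then Get Variable from Conjur) correspond to two HTTP requests. The sketch below is an added example, not the plugin's code: it builds both requests for API version v5 only, using Conjur's v5 REST paths (which are not stated on this page), and shows that a host login such as host/host-id and a variable ID containing slashes must each be URL-encoded as a single path segment. The account, host, variable and token values are constructed, and nothing is sent over the network.

```python
import base64
import urllib.parse
import urllib.request


def _base(conjur_url):
    # The API key and access token are bearer secrets: refuse cleartext HTTP.
    parts = urllib.parse.urlsplit(conjur_url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("Conjur URL must be an https:// URL")
    return conjur_url.rstrip("/")


def _seg(value):
    # Encode as ONE path segment: the "/" in "host/host-id" becomes %2F.
    return urllib.parse.quote(value, safe="")


def authenticate_request(conjur_url, account, login, api_key):
    """POST that exchanges the API key for a short-lived access token (v5)."""
    url = f"{_base(conjur_url)}/authn/{_seg(account)}/{_seg(login)}/authenticate"
    return urllib.request.Request(url, data=api_key.encode(), method="POST",
                                  headers={"Content-Type": "text/plain"})


def token_header(raw_token):
    """Authorization value built from the raw authenticate response body."""
    b64 = base64.b64encode(raw_token).decode("ascii")
    return f'Token token="{b64}"'


def variable_request(conjur_url, account, variable_id, raw_token):
    """GET for one variable's value, authorized by the access token (v5)."""
    url = f"{_base(conjur_url)}/secrets/{_seg(account)}/variable/{_seg(variable_id)}"
    return urllib.request.Request(
        url, method="GET", headers={"Authorization": token_header(raw_token)})


if __name__ == "__main__":
    # Constructed sample values.
    sample_token = b'{"protected":"e30=","payload":"e30=","signature":"c2ln"}'
    auth = authenticate_request("https://eval.conjur.org", "myorg",
                                "host/app-01", "constructed-api-key")
    get = variable_request("https://eval.conjur.org", "myorg",
                           "prod/db/password", sample_token)
    print(auth.get_method(), auth.full_url)
    print(get.get_method(), get.full_url)
```

Because the access token is short-lived, request it in the same process run that reads the variable rather than storing it for later runs.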

Version

4.1098501

launch-cyberark-4.1098501.zip

Uploaded: 15-Mar-2021 13:29
