DevOps Deploy Plugins

Appearance

CyberArk - Process Steps

Steps

Authenticate Conjur

Authenticate Conjur using API Key to get a short-lived access token

NameTypeDescriptionRequired
API KeyStringAPI keyYes
AccountStringOrganization account nameYes
Api VersionEnumerationThe version of the API. Valid values are v4 and v5.Yes
Conjur URLStringUrl of Conjur, eg., https://eval.conjur.orgYes
LoginStringThe login name of the client. For users, its the user id. For hosts, the login name is host/host-idYes
Ouput PropertyAccess TokenStringProcess Request Property for storing the retrieved access tokenYes
ProxyStringProxy, leave it blank if no proxy is neededNo

Get Password from CCP (Web Service)

Retrieve a password from CyberArk AIM Central Credential Provider via an HTTP request.

The Central Credential Provider is installed remote to the agent on a central IIS server. This step will set the prefix/username, prefix/address, and prefix/password properties at either the component process request level or the generic process request level.

NameTypeDescriptionRequired
Application IDStringThe unique ID of the application issuing the password request.Yes
FolderStringThe name of the folder where the password is stored.No
Keystore FileStringThe path to the agent machines keystore file. This is required when the CyberArk server authenticates applications using client certificates.No
Keystore PasswordPasswordThe password of the agent machines keystore.No
Keystore TypeStringThe type of keystore on the agent machine.No
Object NameStringThe name of the password object to retrieve.No
Process Property PrefixStringThe value to be prepended to each process request property that is created by this step. You may address these properties in subsequent steps with the syntax: ${p:<prefix>/password} for instance.Yes
SSL/TLS Debug LevelStringSpecify a debug level to set the javax.net.debug system property. A level of all will log everything. You can specify more specific logging levels with values. For instance ssl:handshake will only log information regarding handshakes between the client and server.No
SafeStringThe name of the safe where the password is stored.No
Server URLStringThe URL of your CyberArk server. This property should be specified in the format https://host:port/AIMWebService/api/accounts.Yes
Trust Invalid CertificatesBooleanCheck this box to trust all SSL certificates on the agent machine. This will trust any certificate returned from the CyberArk server during connection.No

Get Password from CP (CLI Utility)

Retrieve a password from CyberArk AIM Credential Provider via the clipasswordsdk command line utillity on the agent machine. This step will set the CyberArk/username,

CyberArk/address, and CyberArk/password properties at either the component process request level or the generic process request level.

NameTypeDescriptionRequired
AppIDStringAppID configured in CyberArk PVWAYes
FolderStringFolder nameYes
ObjectStringObject name of the credentialYes
Ouput PropertyAddressStringProcess Request Property for storing the retrieved addressNo
Ouput PropertyPasswordStringProcess Request Property for storing the retrieved passwordYes
Ouput PropertyUser NameStringProcess Request Property for storing the retrieved user nameNo
PathStringFull path to clipasswordsdk.E.g. /opt/CARKaim/sdk/clipasswordsdkYes
SafeStringSafe nameYes

Get Variable from Conjur

Get Variable from Conjur

NameTypeDescriptionRequired
Access TokenStringAccess TokenYes
AccountStringOrganization account nameNo
Api VersionEnumeration:Api VersionYes
* v4
* v5
Conjur URLStringUrl of Conjur, eg., https://eval.conjur.orgYes
Ouput PropertyVariableStringProcess Request Property for storing the retrieved variableYes
ProxyStringProxy, leave it blank if no proxy is neededNo
Variable IDStringVariable IDYes

©️ IBM Corp. 2011, 2017.
©️ HCL Technologies Limited 2018, 2025.