Question
CyberArk - API to retrieve passwords from Enterprise Password Vaults
We have a requirement to use CyberArk - API to retrieve passwords from Enterprise Password Vaults (EPV). We are planning to store all passwords which are hard coded in any of config files with EPV. If anyone of you have used this implementation, it will be great if you can let us know how this can be done in pega.
I understood the usual process to encrypt password stored in config file is through keyring-file, If prpc didn't find password in config file, it will look in keyring file. Since we would like to use CyberArk - API, please advise how to instruct pcpc to get the password from CyberArk instead of getting from prConfig.xml file/keyring file.
We are using pega v7.2..Do you have details on what changes you have in v7.2.2 to support this integration?
Accepted Solution
You will need to request a hotfix - as far as I can see, not available for 7.2 yet (available for 7.2.1). Create a SR if you need.
As suggested by Kevin, you may create an SR for the scenario. Once you do that, request you to share the SR number here in the thread so we could relate the thread to the support request.
Thanks!
Have you tried exploring their SDK or their REST api?
Typically you would have to write data page components to consumer their REST interface.
I did a POC in the past to integrate key storage and retrieval with HashiCorp vault and was successful.
The important thing here is to go through their documentation and understand the steps required to store and retrieve keys from their vault.
I can see a client using this in our knowledge base, not much details except to say extending jdbc jar. I guess you need to check with the CyberArk vendor on the API usage. There are some changes needed from Pega to support the integration, which we have included in the latest 7.2.2, hope that is the version you are trying to use.