Cyberark offers a wide array of solutions for delivering and securing application credentials.
Credential Provider (CP):
- Agent on application server
- Recommended for highly critical applications since it caches credentials on the application server
- Attribute based authentication includes: OS user running the application, application hash, application path, CIDR restrictions.
- More information can be found here
Application Server Credential Provider (ASCP)
- Agent on application server
- Similar to the CP however it is created specifically for application servers that connect to databases.
- Supported application servers are: JBoss, Weblogic, WebSphere and Tomcat
- More information can be found here
Central Credential Provider (CCP):
- Agentless solution
- Authentication methods include: Client Certificate, Certificate Serial Number, CIDR restriction and OS User for Windows
- REST API request to fetch needed credentials.
- Recommend for scripts, non-critical applications, and dynamic applications.
Dynamic Access Provider (DAP - Formerly known as Conjur)
- Agentless solution
- Authentication Methods: Kubernetes, IAM role, OIDC or API key.
- Highly scalable solution for dynamic applications across cloud providers, hybrid environments or container orchestration tools.
- REST API request to fetch needed credentials.
- Security as code via YAML files.
- Integrates with all your favorite DevOps tools: Jenkins, Ansible, Terraform, Puppet, Kubernetes, Openshift and PCF.