CyberArk Terraform provider

joalmaraz · November 6, 2019, 4:33am

Hi all,

Just out of curiosity, I was wondering: is there anything in progress within CyberArk to have a provider so we could describe and automate core PAS install/configs, for example ? At the moment I am only aware of the conjur terraform provider, which works perfectly fine to fetch secrets, but I was more looking into automating CyberArk environments and as you know, terraform is great

Cheers,

joalmaraz · November 6, 2019, 4:42am

Example: we need to provision an entire Core PAS + Vault Synchronizer + Conjur, we could have all of them described in terraform modules to spin up the necessary servers and perform an API driven provisioning. If there is no official work on that, it sounds to me an entire project, but it would be really good to have something like that (even maybe including PCloud ? ).

Feedbacks will be great

Feed_me_Cookies · November 6, 2019, 6:17am

that sounds like a hop, skip and a jump away from having Cyberark installed with Docker containers, something I am not opposed to but I have heard mixed views one

joalmaraz · November 6, 2019, 6:20am

Right, but not necessarily using containers, its more to orchestrate the components, have state, plan, etc, all terraform benefits with structure, modules.

jake · November 6, 2019, 4:48pm

I haven’t heard about anything like that, but that sounds like a good idea. I’ll ask around and get back to you!

joe.garcia · November 7, 2019, 1:37am

Officially, I wouldn’t expect anything regarding Terraform unless the community contributed it. As far as Ansible automated deployments, we have automated the deployment of PAS using that for all components.

You can check out the project on GitHub at:

Now, to the unofficial business…

I love HashiCorp (minus Vault, of course) and would love to have Terraform Cloud automatically provision components into AWS for me, personally. So I would say something like this is not out of the realm of possibility to see from me sometime in the future as a community contribution… but I wouldn’t hold your breath either. I have a day job.

Are there others here that would like to see this? The more positive feedback I get, the higher up my priority list this can go.

joalmaraz · November 7, 2019, 2:49am

Hi Joe, thanks for the feed-back. You’re spot on in the idea, to be able to spin-up the required infra, etc and I would be happy to contribute as well, but surely aware of priorities, it was more a question it came to mind. Cheers.

joe.garcia · November 7, 2019, 3:06am

When I start working on it, I’ll be sure to share the project URL here for contributions

Topic		Replies	Views
CyberArk Conjur Secret Lookup - Ansible Secrets Management - Conjur, Secrets Hub & CP	13	2554	February 11, 2021
New Native Kubernetes/OpenShift integration! News and Announcements kubernetes	1	746	November 18, 2019
Conjur newbie suggestions Secrets Management - Conjur, Secrets Hub & CP howto , kubernetes , conjur	1	380	June 4, 2021
Integrate Kubernetes secrets with cyberark Conjur Enterprise opensource , howto	4	765	July 8, 2020
How you upgrade of CyberArk using Automation General ansible	3	1003	January 27, 2020

CyberArk Terraform provider

Related Topics