Platform for storing the generic secrets in CyberArk for syncing to DAP/Conjur

Following the recommendation of CyberArk to sync secrets from vault to Conjur, It works great when we have username and password combination. But it does not provide a good option for storing a generic Secret which can be synced to Conjur. I looked at the option of using the generic Web application platform but you will still need reference a account property to retrieve its value. What are the recommendations to store such secrets?

We can create secret variables directly in Conjur but I want to keep all the secrets at one location for ease of management and any secret/credentials onboarding can be done using the CORE PAS platform.

1 Like

@nathan.whipple It will be great to have your insights on this.

You can navigate to the platform management section in the PVWA:

You can then select the Unix SSH platform and click Duplicate on the bottom right:

In this case I named it Generic Platform, Then you want to navigate to the UI & Workflows -> Properties -> Required & Optional.

In this location you can right click the properties and add and remove which one you want. You could delete all of the properties so then it would just contain a password value.

Hopefully this answers you question.

Thanks,
Andrew

@AndrewCopeland Thanks for your quick response. I have a similar setup where I have made all the properties optional and entered the password only while onboarding the account. I see the account onboarded is syncing to Conjur as follows

name of the vault/LOB/Safe name/name of the account/password

Is there a way that we can store secrets without putting it in account Property i.e. password in this case. so we can retrieve that in Conjur using the variable as below.

name of the vault/LOB/Safe name/name of the account

I am not aware of a way to do this. The Synchronizer follows the pattern below:
name of the vault/LOB/Safe name/name of the account/account property

I do not know of a way to change how the Synchronizer structures the variable IDs from Cyberark into Conjur.

Thanks,
Andrew

@AndrewCopeland Password property is not listed as a optional or required property in the platform. I want to change the name of the property to something else other than password. How can we go about that?

1 Like

It is not possible to change the name of the password property. Any type of an account will have this property by default.

Thanks,
Andrew