Following the recommendation of CyberArk to sync secrets from vault to Conjur, it works great when we have a username and password combination. But it does not provide a good option for storing a generic secret which can be synced to Conjur. I looked at the option of using the generic Web application platform but you will still need to reference an account property to retrieve its value. What are the recommendations to store such secrets?
We can create secret variables directly in Conjur but I want to keep all the secrets at one location for ease of management and any secret/credentials onboarding can be done using the CORE PAS platform.
@nathan.whipple It will be great to have your insights on this.
You can navigate to the platform management section in the PVWA:
You can then select the Unix SSH platform and click Duplicate on the bottom right:
In this case I named it Generic Platform. Then you want to navigate to the UI & Workflows -> Required & Optional.
In this location you can right click the properties and add and remove which one you want. You could delete all of the properties so then it would just contain a
Hopefully this answers your question.
@AndrewCopeland Thanks for your quick response. I have a similar setup where I have made all the properties optional and entered the password only while onboarding the account. I see the account onboarded is syncing to Conjur as follows:
name of the vault/LOB/Safe name/name of the account/password
Is there a way that we can store secrets without putting them in an account property, i.e. password in this case, so we can retrieve them in Conjur using the variable as below?
name of the vault/LOB/Safe name/name of the account
I am not aware of a way to do this. The Synchronizer follows the pattern below:
name of the vault/LOB/Safe name/name of the account/account property
I do not know of a way to change how the Synchronizer structures the variable IDs from CyberArk into Conjur.
@AndrewCopeland The password property is not listed as an optional or required property in the platform. I want to change the name of the property to something else other than password. How can we go about that?
It is not possible to change the name of the password property. Any type of account will have this property by default.