I just installed the synchronizer and the installation completed successfully (no errors in logs as well). However, to retrieve the credentials and then onboard the account in Vault, I am unable to find the file synchronizerConjurHost.xml anywhere in the directory.
I am using ‘Vault Conjur Synchronizer-Rls-v10.6’
Tried un-installing and re-installing using administrator account on the server, still gives the same issue. Please help.
Please look at the directory you ran installation script from.
Notice in our documentation we mention two main directories:
synchronizerConjurHost.xml should be located at Installation package directory
I did check the entire folder, there is no such file. I have attached the installation log file. There is a line in the powershell script “WriteOutput -Message “Wrote Synchronizer Conjur host credentials to $conjurHostCredFileOutputPath”” , I don’t see it in the installation.log output file or on the powershell window where I executed the script.
PlInstallation.log.txt (3.1 KB)
Lets try those steps:
- Please verify again that the directory you are searchinng for the file is not the target path: C:\Program Files\CyberArk\Synchronizer
- In Conjur UI, look in the hosts section, is there one already present?
- Run the creation of file manually - maybe the directory you run installation from dose not allow file creation.
$credentials = New-Object System.Management.Automation.PSCredential -ArgumentList “username”,“secret”
$credentials | Export-Clixml
Those code line are from instllation script with adjustments.
For last resort, uninstall synchronizer service, delete directories and files, spin up an empty Conjur container, unpack synchronizer archive into “temp” directory and try to run instllation again.
*Advanced debugging could wrap CreateConjurHostAndPolicy() method with try catch
If hosts already exists install skip that step.
Can you run it on a clean Conjur?
Alternatively, the only reason we need this XML file is so you can get the values necessary to onboard the object in the ConjurSync safe. Since you can see the host in the UI, we have that. So when you create the object in the ConjurSync safe through the PVWA, the username will be
host/Sync_<your host here>. Second, to get the API key, login in to the Conjur CLI as the user
admin, then run
conjur host rotate_api_key -h Sync_<your host here>. The new API key value will be returned, and this will go in the password field of the object in the ConjurSync safe. Note: The host name is case sensitive, please ensure you are using the case as displayed for this host in the DAP UI. HTH!