FlexDeploy provides out-of-the-box integration with CyberArk AAM to retrieve secrets. FlexDeploy authenticates using either a client certificate or an Agent. This section covers client certificate based authentication.
CyberArk Setup
- Create necessary Application Ids in CyberArk AAM.
- Create safe and credentials.
- Configure Application Id for specific client certificate authentication.
FlexDeploy Setup
You must first create a Credential Store in FlexDeploy by clicking the Create Store button on the Administration - Security - Credentials page. A Credential Store represents an instance of a specific type of credential store provider. If you have more than one CyberArk AAM installation, create an equal number of Credential Stores in FlexDeploy. Use the CyberArk AAM Provider when creating this store.
Here are the configurations necessary for this store.
Property Name | Notes | Example |
---|---|---|
CyberArk URL | HTTP URL for CyberArk AAM. FlexDeploy invokes HTTP GET to retrieve the credential. If you use the https protocol, you may have to set up the Server Certificate Path. GET is invoked with the URL and the path AIMWebservice/api/Accounts | https://services-uscentral.skytap.com:17052 |
Client Certificate Path | Only PEM certificates are supported at this time. You must store the PEM certificate file, containing the private key and certificate, on the FlexDeploy server in a secure location. | |
Client Certificate Password | | |
Server Certificate Path | Optional, only needed if using the https protocol. Only PEM certificates are supported at this time. You must store the PEM certificate file, containing the private key and certificate, on the FlexDeploy server in a secure location. | |
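
A pre-flight check for the file named in Client Certificate Path, as an added example (not FlexDeploy or CyberArk code): it confirms the PEM file holds one private key and a certificate, is accessible only to its owner, and reports whether the key is encrypted. It assumes a POSIX file system, that "secure location" means owner-only permissions, and that an encrypted key is the case where Client Certificate Password applies; the function names and the sample PEM bodies are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Matches PEM armour lines such as "-----BEGIN CERTIFICATE-----".
PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)

def check_client_pem(path):
    """Return (problems, key_encrypted) for a combined key + certificate PEM file."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):  # any group/other permission bit
        problems.append("accessible beyond owner (mode %03o)" % mode)
    with open(path, encoding="ascii", errors="replace") as fh:
        text = fh.read()
    labels = PEM_BEGIN.findall(text)
    for label in labels:
        if "-----END %s-----" % label not in text:
            problems.append("unterminated %s block" % label)
    if "CERTIFICATE" not in labels:
        problems.append("no CERTIFICATE block")
    keys = [l for l in labels if l.endswith("PRIVATE KEY")]
    if len(keys) != 1:
        problems.append("expected 1 private key block, found %d" % len(keys))
    # PKCS#8 uses an ENCRYPTED PRIVATE KEY label; the older OpenSSL format
    # marks encryption with a "Proc-Type: 4,ENCRYPTED" header inside the block.
    encrypted = "ENCRYPTED PRIVATE KEY" in labels or "Proc-Type: 4,ENCRYPTED" in text
    return problems, encrypted

def write_sample(text, mode):
    """Write constructed sample text to a temp file with the given permissions."""
    fd, path = tempfile.mkstemp(suffix=".pem")
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(path, mode)
    return path

# Constructed samples: the bodies are placeholders, not real key material.
SAMPLE_BUNDLE = (
    "-----BEGIN ENCRYPTED PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END ENCRYPTED PRIVATE KEY-----\n"
    "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
)
SAMPLE_CERT_ONLY = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    for name, text, mode in [("bundle", SAMPLE_BUNDLE, 0o600), ("cert-only", SAMPLE_CERT_ONLY, 0o644)]:
        path = write_sample(text, mode)
        print(name, check_client_pem(path))
        os.remove(path)
```
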