...
| Property Name | Notes | Example |
|---|---|---|
| CyberArk URL | HTTP URL for CyberArk AAM. FlexDeploy will invoke HTTP GET to retrieve credential. If you use https protocol, then you may have to setup Server Certificate Path. URL can be https://services-xyz.skytap.com:1234 or https://services-xyz.skytap.com:1234/AIMWebservice/api/Accounts. If URL does not end with api/Accounts, then /AIMWebservice/api/Accounts will be added to end of URL automatically for invocation. | https://services-xyz.skytap.com:1234 |
| Client Certificate Path | This is the full path to the .pem file containing the private key and certificate is chain used to authenticate FlexDeploy against CyberArk AAM. Only PEM certificates are supported at this time. You must store PEM certificate file with private key and certificate on FlexDeploy server in secure location. See the Supported Key Formats section below to verify your private key meets requirements. | |
| Client Certificate Password | Client certificate password. This is required for PKCS#12 (encrypted) format private keys. | |
| Server Certificate Path | Optional, only needed if using https protocol. This is the full path to the .pem certificate file which is used to setup trust for CyberArk server. Only PEM certificates are supported at this time. You must store PEM certificate file with certificate on FlexDeploy server in secure location. |
...
You can change credential inputs (Application Id, Query Text) at any point. FlexDeploy will use these inputs with credential store properties like URL, Certificate Path etc. to retrieve individual credential for use during Workflow Execution.
Supported Key Formats
| Anchor | ||||
|---|---|---|---|---|
|
- PKCS#8 - In a PEM file, the base64 ASCII encoded private key will be contained between -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY----- lines.
- PKCS#1 (RSA) @since 5.6.0.1- In a PEM file, the base64 ASCII encoded private key will be contained between -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- lines. This RSA key cannot be password protected. There will be lines before the key similar to Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,2A37A86050838C0D if the key is encrypted, and therefore password protected. If you prefer to use a password to protect the private key, use a PKCS#12 key.
- PKCS#12 (Encrypted) @since 5.6.0.1- In a PEM file, the private key will be contained between -----BEGIN ENCRYPTED PRIVATE KEY----- and -----END ENCRYPTED PRIVATE KEY----- lines. A client certificate password is required for this private key format. Supported ciphers are
- des/des3 (default)
- aes128/aes192/aes256
- camellia128/camellia192/camellia256
Converting Between Key Formats
Often, a certificate and key will be provided in the form of .cer and .key files or some other format. OpenSSL or another tool will be needed to convert to the supported PEM format. See some examples below.
- Create a .p12 combined certificate file from .key and .cer files, then export as a .pem file. You will be prompted for the password when running these commands.
openssl pkcs12 -export -in <.cer file> -inkey <.key file> -out <.p12 result file> -name <friendly name>
openssl pkcs12 -in <.p12 file> -out <.pem result file>
- Convert a PKCS#8 .pem file to PKCS#1. Keep in mind adding options like -des to this command is not supported. To encrypt a key, convert it to PKCS#12 format with the openssl pkcs12 command.
openssl rsa -in <.pem file> -out <rsa .pem file>
- Encrypt a PKCS#8 .pem file. You will be prompted for the password when running these commands.
openssl pkcs12 -export -in <.pem file> -out <.p12 file>
openssl pkcs12 -in <.p12 file> -out <new .pem file>