Add a CyberArk Secrets Manager
You can use CyberArk for your Harness secrets. CyberArk protects all privileged account passwords and SSH keys in a highly-secure central repository to prevent the loss, theft or unauthorized sharing of these credentials.
In this topic:
- Before You Begin
- Step 1: Configure Secrets Manager
- Step 2: App ID
- Step 3: CyberArk URL
- Step 4: Client Certificate PEM
- Next Steps
Before You Begin
- See Harness Key Concepts.
- See Secrets Management Overview.
- Make sure that the Harness Delegate is able to connect to the CyberArk URL.
Step 1: Configure Secrets Manager
- Select Continuous Security > Secrets Management. The Secrets Management page appears.
- Click Configure Secrets Managers. In the resulting Secrets Managers page, the Status column indicates the Default provider.
- Click Add Secrets Manager. The Configure Secrets Manager dialog appears.
- Select CyberArk from the drop down list.
Step 2: App ID
The unique ApplicationId of the application.
Step 3: CyberArk URL
Enter the base URL of the server hosting CyberArk's Privileged Account Security Web Services SDK.
Step 4: Client Certificate PEM
A client certificate PEM is required if the App ID referenced is configured with authentication using a client certificate. Paste in the user credentials certificate to use for CyberArk connections. Use pbcopy to avoid any text formatting issues.
Step 5: Usage Scope
When you use CyberArk as the Harness Secrets Manager, be aware that Harness is not be able to write new secrets, just read existing ones created directly via Cyberark. See Referencing Existing External Secrets.
You cannot create Harness Encrypted Files using CyberArk.