Add a CyberArk Secrets Manager

Updated 2 months ago by Chakravarthy Tenneti

You can use CyberArk for your Harness secrets. CyberArk protects all privileged account passwords and SSH keys in a highly-secure central repository to prevent the loss, theft or unauthorized sharing of these credentials.

Before You Begin

Step 1: Configure Secrets Manager

  1. Select Continuous Security > Secrets Management. The Secrets Management page appears.
  2. Click Configure Secrets Managers. In the resulting Secrets Managers page, the Status column indicates the Default provider.
  3. Click Add Secrets Manager. The Configure Secrets Manager dialog appears.
  4. Select CyberArk from the drop-down list.

Step 2: App ID

Enter the unique ApplicationId of the application.

Step 3: CyberArk URL

Enter the base URL of the server hosting CyberArk's Privileged Account Security Web Services SDK.

If you encounter errors, try ending the base URL in a forward slash (/).

Step 4: Client Certificate PEM

A client certificate PEM is required if the referenced App ID is configured to authenticate with a client certificate. Paste in the user credentials certificate to use for CyberArk connections. On macOS, copy the file contents to the clipboard with pbcopy to avoid any text formatting issues.
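
A pre-flight check for the CyberArk URL and Client Certificate PEM fields, covering the trailing-slash advice in Step 3 and the text formatting issues mentioned in Step 4. This is an added example, not Harness or CyberArk code; the function names, the `cyberark.example.com` host, the https requirement, and the sample PEM are assumptions made for illustration.

```python
import base64
import re
from urllib.parse import urlsplit

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)\n-----END \1-----", re.DOTALL)

def normalize_base_url(url):
    """Trim stray whitespace and end the base URL in exactly one forward slash."""
    parts = urlsplit(url.strip())
    # Assumption: client-certificate authentication implies TLS, so require https.
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("expected an https:// base URL")
    if parts.query or parts.fragment:
        raise ValueError("base URL must not carry a query string or fragment")
    return f"https://{parts.netloc}{parts.path.rstrip('/')}/"

def check_pem(text):
    """Return the formatting problems found in pasted PEM text (empty list = clean)."""
    problems = []
    if "\r" in text:
        problems.append("carriage returns (CRLF line endings)")
    if not text.isascii():
        problems.append("non-ASCII characters (smart dashes or quotes)")
    lines = text.splitlines()
    if any(line != line.strip() for line in lines):
        problems.append("leading or trailing whitespace on a line")
    # Parse blocks from a whitespace-normalized copy so each problem is reported once.
    blocks = PEM_BLOCK.findall("\n".join(line.strip() for line in lines))
    if not any(label == "CERTIFICATE" for label, _ in blocks):
        problems.append("no CERTIFICATE block found")
    for label, body in blocks:
        try:
            base64.b64decode("".join(body.split()), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            problems.append(f"{label} body is not valid base64")
    return problems

# Constructed sample: base64 of filler bytes, not a real certificate.
_BODY = base64.encodebytes(b"constructed-sample-bytes" * 6).decode().strip()
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{_BODY}\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    print(normalize_base_url(" https://cyberark.example.com "))
    print(check_pem(SAMPLE_PEM) or "PEM text is clean")
    print(check_pem(SAMPLE_PEM.replace("\n", "\r\n")))
```

The check only inspects the text layout of the PEM; it does not verify that the certificate is valid, unexpired, or accepted by CyberArk for the App ID.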

Limitations

When you use CyberArk as the Harness Secrets Manager, be aware that Harness is not able to write new secrets, just read existing ones created directly via CyberArk. See Referencing Existing External Secrets.

Due to CyberArk API limitations, credentials for new Connectors and Cloud Providers are encrypted and stored in the Harness SecretStore instead of CyberArk.

You cannot create Harness Encrypted Files using CyberArk.
