UC_VAULT_CYBERARK - Password Vault Configuration
This static Variable (VARA) object allows you to configure your password vault. For more information, see Password Vaults.
UC_VAULT_CYBERARK is not supplied with the system and needs to be created and defined for all clients using a password vault. You can create it in Client 0 or in any of your other Clients. If the variable is defined in Client 0, all your Clients use the same configuration. However, you can override the definition in Client 0 by creating the variable in the relevant Client and modifying the configuration.
This variable includes the following keys:
-
PORT
Default port: 18923
-
TIMEOUT
Default value: 30 seconds
-
APPID
(Mandatory) This parameter is necessary to register the application in the vault.
-
REST
URL of the REST endpoint used to retrieve the passwords when using TLS/SSL for the communication between CyberArk and the Automic Automation system, see Using a REST Endpoint.
Important! The host defined in this parameter must match the Common Name (CN) defined in the certificate used to authenticate the REST endpoint.
-
REASON
(Optional) Specify why the passwords were accessed in the vault.
-
VLT_SAFE<nr>
Specify the safe from which the Login object needs to retrieve the credentials.
-
USEOBJECT
(Optional) If this parameter is set to Y and the agent name is set in the Login object (* is not a valid value), you can use this value to match the object name in the vault. This applies only if the object name in the vault was to configured to use the agent name.
Allowed values: Y and N (default).
Note: You must re-open the Login object after setting the values of the UC_VAULT_CYBERARK variable to be able to select your configured safes, for further details see Login (LOGIN).
Configuration Options
You can select from different options such as defining only the safe name, a combination of safe and object name or safe name and address, or all three - safe name, object name and address. This also depends on whether your user name is unique in each safe or not.
Key definition | Value 1 | Value 2 | Value 3 |
---|---|---|---|
VLT_SAFE<nr> | Safe name | Object name | Address |
Once set up, the vault is listed in the Login object, where you can select it as needed.
Option 1: Vault Configuration with Safe
This option requires a unique user name in each safe. You have to define the VLT_SAFE<nr> key of the UC_VAULT_CYBERARK variable for each safe.
To do so, define the safe value in the Value 1 column of the variable definition page using the following format: <safe>.
Example
Key definition | Value 1 | Value 2 | Value 3 |
---|---|---|---|
VLT_SAFE<nr> | AECredentials | empty | empty |
The vault is listed in the Login object as follows:
AECredentials@CYBERARK
Option 2: Vault Configuration with Safe and Object Name
If the user name is not unique within a safe, you can use the object name (account name) as an additional identifier. In this case, make sure that the object name is unique within the safe. The name is created automatically when creating a new account, but you can also change it manually.
In this case, you define the safe value in the Value 1 column and the object name on the Value 2 column of the variable definition page using the following format: <safe>*<objectname>.
Example
Key definition | Value 1 | Value 2 | Value 3 |
---|---|---|---|
VLT_SAFE<nr> | AECredentials | Operating System-WinDomain-hostname.domain-aeuser | empty |
The vault is listed in the Login object as follows:
AECredentials*Operating System-WinDomain-hostname.domain-aeuser@CYBERARK
Option 3: Vault Configuration with Safe and Address
You can also use the address as part of the Cyberark query in combination with the safe name. The user name is always part of the query.
In this case, you define the safe value in the Value 1 column and the address on the Value 3 column of the variable definition page using the following format: <safe>*<address>. The Value 2 column remains empty.
Example
Key definition | Value 1 | Value 2 | Value 3 |
---|---|---|---|
VLT_SAFE<nr> | AECredentials | empty | myhost.com |
Note: An empty string is inserted representing the empty Value 2 column.
The vault is listed in the Login object as follows:
AECredentials**myhost.com@CYBERARK
Option 4: Vault Configuration with Safe, Object Name and Address
You can also decide to use all three values: safe name, object name, and address.
In this case, you define the safe value in the Value 1 column, the object name on the Value 2 column, and the address on the Value 3 column of the variable definition page using the following format: <safe>*<objectname>*<address>.
Key definition | Value 1 | Value 2 | Value 3 |
---|---|---|---|
VLT_SAFE<nr> | AECredentials | Operating System-WinDomain-hostname.domain-aeuser | myhost.com |
The vault is listed in the Login object as follows:
AECredentials*Operating System-WinDomain-hostname.domain-aeuser*myhost.com@CYBERARK
See also: