Introduction
Cyberark kind of tools are a must for security in your infrastructure and app deployments. Cyberark helps storing credentials in their system, and provide some parameters like safe/app/obj, and some form of authentication so that caller can fetch the credentials. It eliminates the need to put credentials in files or in envirnoment.
When I started using Cyberark, they provided some AIM agent, which gets installed in the host, and they whitelisted the IPs of the machines.
Now, they have also introduced the REST APIs to fetch the credentials, and they have certificate based authentication. The setup I use, takes serial number of the certificate and IPs of the machines from where I want to fetch the credentials.
Curl Command to fetch the Credentials from Cyberark
curl -v --cert '<path to certificate.cer file' --key 'path to private key file' --url 'https://YOUR_HOST/AIMWebService/api/Accounts?AppID=<AppID>&Safe=<Safe_Name>&object=<Cyberark-Object-Name>'Thanks for reading.
