
FlexDeploy Integration with CyberArk AAM

In a previous blog entry, we discussed FlexDeploy integration with external credential stores. Now let's explore the specifics of integration with CyberArk AAM.

FlexDeploy provides two out-of-the-box options for integration with CyberArk AAM:

  1. Command line invocation through the CyberArk agent
  2. HTTP call to the AIM webservice

Here are the high-level integration steps for either type of CyberArk AAM integration:

  1. Configure a credential store in FlexDeploy with the details necessary to interact with CyberArk
  2. Configure an individual credential for each secret value you need
  3. Use the credential in build/deploy configurations

Configure agent integration

For integration using the agent, first install and configure the CyberArk agent on the FlexDeploy server, which will set up the clipasswordsdk executable in /opt/CARKaim/sdk. Then create a credential store configuration using the CyberArk AAM Agent provider and provide the location of clipasswordsdk.

FlexDeploy will invoke the command line to get the secret. For example,

/opt/CARKaim/sdk/clipasswordsdk GetPassword -p AppDescs.AppID=AppID1 -p Query="safe=Database%20Accounts;folder=root;object=apps" -o Password

Configure webservice integration

For integration using the webservice, you need details such as the CyberArk URL and a client certificate. The client certificate is used for authentication. If you are using self-signed certificates, you need to provide the server certificate as well. Then create a credential store configuration using the CyberArk AAM provider and provide these details.

FlexDeploy will invoke the webservice to get the secret. For example,

https://services-uscentral.skytap.com:17052/AIMWebservice/api/Accounts?AppID=AppId1&Query=safe=Database%20Accounts;folder=root;object=apps
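The webservice request above, as an added Python example (not FlexDeploy's or CyberArk's code): it builds the same Accounts URL, rejects AppID, safe, folder and object values containing separators that would change the query, and authenticates with the client certificate while trusting a self-signed server certificate through a CA file instead of disabling verification. The function names, certificate file arguments and the `Content` response field are assumptions that do not come from this page.

```python
import json
import ssl
import urllib.request
from urllib.parse import quote, urlencode

# Characters that would add or change criteria inside the Query value.
_SEPARATORS = set(";=&")


def _check(name, value):
    """Reject empty values, control characters and query separators."""
    if not value or any(c in _SEPARATORS or ord(c) < 0x20 for c in value):
        raise ValueError(f"invalid {name} for CyberArk request")
    return value


def build_query(safe, folder, obj):
    """Return 'safe=...;folder=...;object=...' from validated parts."""
    parts = {"safe": safe, "folder": folder, "object": obj}
    return ";".join(f"{k}={_check(k, v)}" for k, v in parts.items())


def build_accounts_url(base_url, app_id, safe, folder, obj):
    """Build the Accounts URL in the shape of the request shown above."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("client-certificate authentication needs https")
    params = {"AppID": _check("AppID", app_id),
              "Query": build_query(safe, folder, obj)}
    # '=' and ';' stay literal inside Query; spaces become %20.
    return (base_url.rstrip("/") + "/AIMWebservice/api/Accounts?"
            + urlencode(params, quote_via=quote, safe="=;"))


def make_tls_context(client_cert, client_key, server_ca=None):
    """TLS context presenting the client certificate; verification stays on."""
    # For a self-signed server, pass its certificate file as server_ca.
    ctx = ssl.create_default_context(cafile=server_ca)
    ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx


def fetch_secret(url, ctx, timeout=10):
    """Return the secret to the caller without printing or caching it."""
    with urllib.request.urlopen(url, context=ctx, timeout=timeout) as resp:
        return json.load(resp)["Content"]  # assumed response field name
```
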

Configure credential

For each secret value that you want to use from CyberArk AAM, configure a credential with a unique name. In either type of integration, you will need to provide the Application Id and Query. The Query contains details like safe, folder and object.

Now use the credential as necessary in FlexDeploy configurations.

FlexDeploy will retrieve the secret from CyberArk as necessary and will not cache or print it. This allows you to update credentials as per your organization's policies without having to worry about updating FlexDeploy configurations.

See FlexDeploy Documentation for more detailed instructions.

You can try FlexDeploy for free to explore the features described in this blog.
