Ataccama ONE Agentic Cloud Portal ONE Desktop ONE DQ&C ONE MDM ONE RDM ONE Runtime Server
latest (17.0.0) 16.3.0 16.2.0 16.1.0 16.0.0 15.4.0 15.3.0 15.2.0 15.1.0 14.5.x 13.9.x 13.8.x 13.7.x 13.6.x 13.5.0 13.4.x 13.3.x 13.2.x
User Community Service Desk Downloads

CyberArk Secrets Manager Integration

Integrate ONE with CyberArk Central Credential Provider (CCP) to retrieve secrets when connecting to data sources.

Create new CyberArk Secrets Manager integration

  1. Go to Global Settings > Application Settings > Secret Management.

    Add new service

  2. Select Add.

  3. Provide the following information:

    • General

      1. Provider: The key vault or secret manager you are connecting to. Select CyberArk Secrets Manager.

      2. Name: A unique name for this service.

      3. URL: The complete URL of the CyberArk Central Credential Provider (CCP).

      4. Application ID: The unique ID of the application issuing the password request.

      5. Description (Optional): A description for this service.

    • Authentication method: Select from the options provided.

      • PFX Client Certificate

        CyberArk PFX authentication

        1. Pfx file: A single bundled file containing the client certificate, private key, and optionally the CA certificate.

        2. Passphrase: The password used to protect the PFX file.

      • Cert Client Certificate

        CyberArk Cert authentication

        1. Cert file: A client certificate file, which can also contain the CA certificate.

        2. Key file: The private key file.

        3. Passphrase: The password used to protect the key file.

  4. Select Test to test the connection.

    If the connection is successful, select Save. Otherwise, verify that your configuration is correct.

CyberArk secret name format

When using CyberArk secrets in connection credentials, the secret name follows a specific format:

SafeName:ObjectName:FieldName

Where:

  • SafeName: The name of the safe where the password is stored.

  • ObjectName: The account name of the password object to retrieve.

  • FieldName: The field from which to get the value.

For example: Partner-Ataccama:AWS_AccessKey_Demo:awsaccesskeyid.

Example accounts stored in CyberArk

The following examples show the structure of different account types stored in CyberArk.

AWS access key (Safe: 'Partner-Ataccama', Object: 'AWS_AccessKey_Demo') 
{
    "Content": "XoJLflzB9X0qTQ+A/GR/wIQnlebVSRKOxncjnQu",
    "creationmethod": "PVWA",
    "awsaccesskeyid": "AZIA37MYHSL2HIIAYE10",
    "awsaccountid": "cyberarkDemo",
    "username": "Cyberark",
    "object": "AWS_AccessKey_Demo",
    "policyid": "BD-PMAWSAccessKeys",
    "Safe": "Partner-Ataccama",
    "devicetype": "Cloud Service",
    "Name": "AWS_AccessKey_Demo",
    "Folder": "Root",
    "PasswordChangeInProcess": "False"
}
MySQL account (Safe: 'Partner-Ataccama', Object: 'AtaccamaMysqlDemo') 
{
    "Content": "XoJLflwB9DX0qTQ",
    "creationmethod": "PVWA",
    "Safe": "Partner-Ataccama",
    "database": "demo",
    "object": "AtaccamaMysqlDemo",
    "username": "ataccamaCyberark",
    "policyid": "MySQL",
    "devicetype": "Database",
    "Name": "AtaccamaMysqlDemo",
    "Folder": "Root",
    "PasswordChangeInProcess": "False"
}
SSH account (Safe: 'Partner-Ataccama', Object: 'account2retrieve') 
{
    "Content": "CyberArkSSH",
    "creationmethod": "PVWA",
    "address": "address",
    "Safe": "Partner-Ataccama",
    "username": "username",
    "object": "account2retrieve",
    "policyid": "UnixSSH",
    "devicetype": "Operating System",
    "Name": "account2retrieve",
    "Folder": "Root",
    "PasswordChangeInProcess": "False"
}

Usage examples

Example using AWS access key credentials

  1. In Data Catalog > Sources > [your source] > Add Connection, select Add Credentials.

  2. Select Credential type from the options provided:

    • AWS access key credentials

      Configure AWS access key credentials with CyberArk

      1. Name: A unique name for this set of credentials.

      2. Description (Optional): A description for this service.

      3. Select a secret management service: Select the CyberArk Secrets Manager you configured.

      4. Access key

        1. Select the Use secret management service option.

          You can enable Use secret management service to retrieve the access key, but it is not necessary as the access key can generally be shared and entered manually.

        2. Access key (secret name): Enter the secret name in the CyberArk format SafeName:ObjectName:FieldName.

          For example: Partner-Ataccama:AWS_AccessKey_Demo:awsaccesskeyid.

      5. Secret key

        1. Select the Use secret management service option.

        2. Secret key (secret name): Enter the secret name in the CyberArk format SafeName:ObjectName:FieldName.

          For example: Partner-Ataccama:AWS_AccessKey_Demo:Content.

  3. Select Test to test the connection. If the connection is successful, select Save. Otherwise, verify that your configuration is correct.

Was this page useful?