9

Do anybody know if there is any sort of API available for Cyber-Ark Privileged Identity Management to integrate it with an enterprise applications?

Toon Krijthe
  • 52,876
  • 38
  • 145
  • 202
Vlad
  • 101
  • 1
  • 1
  • 4

4 Answers4

8

I think the answer might be 50% yes, 50% no. Definitely Cyber-Ark offers web services and an API for their Vault objects, so you should be able to retrieve passwords from the Vault from a trusted application. There is a paragraph of sales information on Cyber-Ark's website:

Cyber-Ark's comprehensive SDK provides an interface to the Vault objects that you can use to develop custom solutions that work with the Vault. Cyber-Ark provides a variety of SDK such as Command Line Interface, ActiveX API, .Net API and Web Services API

But beyond working with their Vault objects, I'm not entirely sure. I'm currently looking for more information on their Vault web services, and I think I need to register to be a Partner to get that information. I'll post a follow-up if I learn anymore.

Peder Rice
  • 1,764
  • 3
  • 28
  • 51
  • Just to clarify, we are a customer of Privileged Identity Management, but we are only interested in pulling data out of the Password Vault – Peder Rice Feb 10 '12 at 15:52
  • 3
    And I do have a follow-up: I was only able to access Cyber-Ark passwords using what is effectively screen-scraping. Cyber-Ark's vault access provides a .ashx interface that supports simple POST requests; if you provide the Vault ID and the User ID you're after, it returns a single line of text that includes the password. I can post what I have to GitHub so that you can take a look. – Peder Rice Oct 02 '13 at 07:17
  • can you post that? I'd love to see how you were able to do that. Thanks! – Ted Pennings Nov 20 '13 at 18:32
  • @PederRice Can we able to access the vault using PHP Script? if not will the Web Services API helpful for the alternative? – DonOfDen Jan 04 '14 at 19:53
  • link ends with asp you missing X in the end-- aspx http://www.cyber-ark.com/digital-vault-products/sim-suite/enterprise-integration-manager/features.aspx – Vladimir Potapov May 11 '14 at 09:22
2

You are suppose to purchase an API license per server to have read-only access to the vault for authorized applications.

They provide Java, C#, etc. libraries and you place authorization key material on the server to enable it access.

Rodney
  • 21
  • 1
2

It is called CyberArk Application Identity Manager, an entire sub-product. The only reference I could find:

http://lp.cyberark.com/rs/cyberarksoftware/images/ds-application-identity-manager-10-20-2014-en.pdf

julianm
  • 2,393
  • 1
  • 23
  • 24
0

CyberArk created Conjur. It is open source and free. It contains its own Vault and is intended for dynamic Application Access Management. In particular, Conjur and its upgrade Conjur Enterprise should secure the complete DevOps pipeline. The paid version can be integrated with the Vault solution (the PAS Core solution of CyberArk).

For static applications, CyberArk has the Credential Provider, Central Credential Provider and ASCP (I forgot the full name of it now). These solutions are agent based while Conjur is agentless. Because they are agent based, they are only intended for environments with comparatively slow changes as an agent needs to be installed on every server in order to provide the credentials from the Vault.

These solutions have REST API, CLI and SDK capabilities.

Alex_P
  • 2,580
  • 3
  • 22
  • 37