Skip to main content Skip to complementary content

Setting Vault parameters for CyberArk

Select a group for each type of operations and configure the connection fields accordingly.

Before you begin

You have selected CyberArk in the Vault provider field.

Procedure

  1. Click Set Vault parameters in Vault configuration.
  2. Select a group for each operation type.
    Group Description
    DISABLED Your data remains encrypted.
    READ_ONLY Your data is managed by the Vault administrator. Talend Administration Center retrieves the data from Vault and uses it.

    For example, there is the Vault database password named db_pass. To use it in Talend Administration Center, you need to add VAULT_db_pass in the Password field in Database parameters or directly in the configuration.properties file. Talend Administration Center will understand that the password is in Vault and will retrieve it using the Vault REST API.

    WRITE Your data is completely managed by Talend Administration Center. Talend Administration Center will create, update, read, or delete your data.

    When the migration to Vault completes successfully, all encrypted data related to the WRITE group is decrypted and transferred to Vault. IDs from Vault are stored in Talend Administration Center.

    For example, if you select WRITE for the DB password operations, after inserting a password in Database parameters, the values will be stored in Vault by Talend Administration Center and the password ID from Vault will be stored in the configuration.properties file.

  3. Fill in the following connection fields depending on the groups selected previously:
    • Cyberark safe and Vault URL: you need to provide the CyberArk Safe and the Vault URL when you select the READ_ONLY or WRITE groups for an operation type.
    • Cyberark appid: you need to provide the CyberArk application ID when you select the READ_ONLY group for an operation type and to configure the certificate in the configuration.properties file as follow:
      ###############################################################
      # SECURED CONNECTION CONFIGURATION
      ###############################################################
      keystore.path=C:\Users\<username>\Desktop\cyberark\client_1-28.p12
      keystore.password=ENC_qT3DQLVJczo8Yaiyr9hNRkjUxtUexJ7rOA/iXFe96+wC/Kyilw==
      #truststore.path=c:/truststore
      #truststore.password=changetruststorepass
      tls.disableCNCheck=false
      tls.trustAllCerts=true
      use.tls.only=false
    • Username and Password: you need to provide your username and password when you select WRITE for an operation type.

What to do next

If you have selected WRITE for at least one of the password operation types during this procedure, you need to launch the migration of your data to Vault.
Information noteNote: There is no migration when you have selected only READ_ONLY and DISABLED.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – please let us know!