Add a CyberArk Secrets Manager
You can use CyberArk for your Harness secrets. CyberArk protects all privileged account passwords and SSH keys in a highly secure central repository to prevent the loss, theft, or unauthorized sharing of these credentials.
In this topic:
- Before You Begin
- Step 1: Configure Secrets Manager
- Step 2: App ID
- Step 3: CyberArk URL
- Step 4: Client Certificate PEM
- Step 5: Usage Scope
- Limitations
- Next Steps
Before You Begin
- See Harness Key Concepts.
- See Secrets Management Overview.
- Make sure that the Harness Delegate is able to connect to the CyberArk URL.
Step 1: Configure Secrets Manager
- Select Security > Secrets Management. The Secrets Management page appears.
- Click Configure Secrets Managers. In the resulting Secrets Managers page, the Status column indicates the Default provider.
- Click Add Secrets Manager. The Configure Secrets Manager dialog appears.
- Select CyberArk from the drop-down list.
Step 2: App ID
Enter the unique ApplicationId of the application.
Step 3: CyberArk URL
Enter the base URL of the server hosting CyberArk's Central Credential Provider.
If you encounter errors, try ending the base URL with a forward slash (/).
Step 4: Client Certificate PEM
A client certificate PEM is required if the referenced App ID is configured to authenticate with a client certificate. Paste in the user credentials certificate to use for CyberArk connections. Copy it with pbcopy (macOS) to avoid any text formatting issues.
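The formatting issues mentioned above can be caught before pasting. The following is an added example, not code from Harness or CyberArk: a small Python check (the function name lint_pem and the sample PEM are constructed for illustration) that flags CRLF line endings, characters altered by rich-text editors, stray whitespace, truncated blocks, and bodies that are not valid base64.

```python
import base64
import binascii
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)\n-----END \1-----", re.DOTALL)

def lint_pem(text):
    """Return (labels, problems) for PEM text about to be pasted into a form field."""
    problems = []
    if "\r" in text:
        problems.append("carriage returns (CRLF line endings)")
    if not text.isascii():
        problems.append("non-ASCII characters, e.g. dashes or quotes altered by a rich-text editor")
    lines = text.replace("\r", "").split("\n")
    for n, line in enumerate(lines, 1):
        if line != line.strip():
            problems.append(f"line {n}: leading or trailing whitespace")
    # Parse blocks from a whitespace-normalized copy so one defect is reported once.
    normalized = "\n".join(line.strip() for line in lines)
    blocks = PEM_BLOCK.findall(normalized)
    labels = []
    for label, body in blocks:
        try:
            der = base64.b64decode(body.replace("\n", ""), validate=True)
        except (binascii.Error, ValueError):
            problems.append(f"{label}: body is not valid base64")
            continue
        # Certificates and keys are DER-encoded ASN.1 SEQUENCEs (first byte 0x30).
        if not der.startswith(b"\x30"):
            problems.append(f"{label}: decoded body does not look like DER")
            continue
        labels.append(label)
    if normalized.count("-----BEGIN ") != len(blocks):
        problems.append("BEGIN marker without an intact matching END marker")
    elif not blocks:
        problems.append("no PEM block found")
    return labels, problems

# Constructed sample: valid PEM framing around dummy bytes, not a real certificate.
_body = base64.encodebytes(b"\x30\x82\x01\x0a" + bytes(range(90))).decode().strip()
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{_body}\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    for name, text in [("clean", SAMPLE_PEM), ("crlf", SAMPLE_PEM.replace("\n", "\r\n")),
                       ("indented", SAMPLE_PEM.replace("\n", "\n  "))]:
        print(name, lint_pem(text))
```

An empty problem list means the text is structurally sound PEM; it does not verify that the certificate is the one registered for the App ID.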
Step 5: Usage Scope
See Scope Secret Managers to Applications and Environments.
Limitations
When you use CyberArk as the Harness Secrets Manager, be aware that Harness is not able to write new secrets, just read existing ones created directly via CyberArk. See Referencing Existing External Secrets.
Due to CyberArk API limitations, credentials for new Connectors and Cloud Providers are encrypted and stored in the Harness SecretStore instead of CyberArk.
You cannot create Harness Encrypted Files using CyberArk.