CyberArk Safe Manager

Configuring CyberArk Safe Manager

Secrets are retrieved through HTTP via the REST API. There must be an established endpoint on the client side.

To enable use of the CyberArk vault, you must first set the following environment variables:

CYBERARK_URI (required)
Base URI of the CyberArk PVWA REST API endpoint. Example: https://pvwa.example.com/passwordvault/api

CYBERARK_APP_ID (required)
Application ID registered in CyberArk that identifies and authorizes this application to retrieve secrets.

Additional optional environment variables:

• CYBERARK_SAFE: Name of the Safe containing the target account.
• CYBERARK_FOLDER: Folder within the Safe where the account is stored.
• CYBERARK_USERNAME: Username of the target account to retrieve.
• CYBERARK_ADDRESS: Host or IP of the target system associated with the account.
• CYBERARK_DATABASE: Database name when retrieving database credentials.
• CYBERARK_POLICY_ID: Policy identifier used for access and retrieval rules.
• CYBERARK_REASON: Audit reason message logged with the retrieval request.
• CYBERARK_CONNECTION_TIMEOUT: Connection timeout for REST API requests.
• CYBERARK_QUERY: Filter expression to select the desired account.
• CYBERARK_QUERY_FORMAT: Format of the query expression used by CYBERARK_QUERY.
• CYBERARK_FAIL_REQUEST_ON_PASSWORD_CHANGE: Whether to fail if the password is being changed.