aslancarlos/OnBoardingAzureToPCloud

CyberArk Secrets Onboarding Script

Overview

This script is used exclusively to transfer accounts from Azure Key Vault to CyberArk PAM or CyberArk Privileged Cloud. The onboarding process is automated for accounts and secrets; however, the creation of targets in SecretsHub must be performed manually.

Prerequisites

Before using this script, note the following:

  1. This script automates the process of onboarding secrets from Azure Key Vault to CyberArk PAM or CyberArk Privileged Cloud.
  2. The SecretsHub platform must already be installed in CyberArk PAM or CyberArk Privileged Cloud as a prerequisite.
  3. Azure CLI is installed and authenticated. Follow the Azure CLI Installation Guide.
  4. CyberArk CLI (cybr) is installed. Refer to the cybr-cli GitHub Repository for installation instructions.
  5. You have the necessary permissions to access Azure and CyberArk resources.

Usage

General Syntax

./cyberark-secrets-onboarding.sh <command> [options]

Commands

1. List Resources

Perform listing operations for subscriptions, resource groups, key vaults, or secrets.

  • Subscriptions: List all subscriptions accessible to your account.

    ./cyberark-secrets-onboarding.sh list subscriptions
  • Resource Groups: List all resource groups in the current subscription.

    ./cyberark-secrets-onboarding.sh list resource
  • Key Vaults: List all key vaults within a specified resource group.

    ./cyberark-secrets-onboarding.sh list akv <resource-group>
  • Secrets: List all secrets stored in a specified key vault.

    ./cyberark-secrets-onboarding.sh list secrets <vault-name>

2. Set Subscription

Change the active subscription.

./cyberark-secrets-onboarding.sh set <subscription-id>

3. Tag Secrets

Apply CyberArk-compatible tags to all secrets in a specified key vault.

./cyberark-secrets-onboarding.sh tag <resource-group> <vault-name>

4. Onboard Secrets

Onboard secrets from a key vault into CyberArk Privileged Cloud.

./cyberark-secrets-onboarding.sh onboard <resource-group> <vault-name>

Example Workflows

Setting the CPM Server

Edit the script to define the CPM variable:

CPM="<your-cpm-server-name>"

Tagging Secrets in a Key Vault

To tag all secrets in a key vault:

./cyberark-secrets-onboarding.sh tag my-resource-group my-key-vault

Onboarding Secrets to CyberArk Privileged Cloud

To onboard secrets:

./cyberark-secrets-onboarding.sh onboard my-resource-group my-key-vault

Checking Prerequisites

The script automatically checks for required software and exits with instructions if any are missing.
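
One way such a check can be written, as an added example that is not the project's own code: it tests for the two CLIs listed under Prerequisites and for an authenticated Azure CLI session, and reports every gap instead of stopping at the first. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check for the tools this README lists as
# prerequisites. Function names are hypothetical and are not taken from
# cyberark-secrets-onboarding.sh.

# Print the name of every required tool that is not on PATH, one per line.
missing_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# Succeeds only when the Azure CLI holds a usable login session.
azure_logged_in() {
    az account show --output none >/dev/null 2>&1
}

# Exit status 0 when everything is ready, 1 otherwise; each gap is
# explained on stderr. The body runs in a subshell so its variables
# do not leak into the calling script.
check_prereqs() (
    status=0
    have_az=1
    for tool in $(missing_tools az cybr); do
        status=1
        case "$tool" in
            az)
                have_az=0
                echo "Azure CLI (az) not found: see the Azure CLI Installation Guide." >&2 ;;
            cybr)
                echo "CyberArk CLI (cybr) not found: see the cybr-cli GitHub repository." >&2 ;;
        esac
    done
    # Only ask az about its session when az itself is installed.
    if [ "$have_az" -eq 1 ] && ! azure_logged_in; then
        echo "Azure CLI is installed but not authenticated: run 'az login'." >&2
        status=1
    fi
    [ "$status" -eq 0 ]
)
```

A caller would run `check_prereqs || exit 1` before any `list`, `tag` or `onboard` operation, so that no vault is touched with a missing tool or an expired login.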

License

This project is licensed under the Apache 2.0 License. See the LICENSE file for details.

Contact

For issues, suggestions, or contributions, contact: Aslan Ramos
aslan.ramos@cyberark.com

About

Ideas for extracting the secrets from Azure Key Vault to CSV and enabling a file to be imported into CyberArk PAM
