- Getting started
- Best practices
- Tenant
- About the Tenant Context
- Audit
- Managing Credential Stores
- CyberArk® Integration
- CyberArk® CCP Integration
- Azure Key Vault Integration
- Actions
- Folders Context
- Automations
- Processes
- Jobs
- Triggers
- Logs
- Monitoring
- Queues
- Assets
- Storage Buckets
- Test Suite - Orchestrator
- Action Catalogs
- Profile
- System Administrator
- Identity Server
- Authentication
- Other Configurations
- Integrations
- Classic Robots
- Troubleshooting
Managing Credential Stores
Orchestrator Database
-
Click Create, Orchestrator database stores do not have any configurable properties.
CyberArk Store
- In the Name field, type a name for the new credential store.
- In the App ID field, enter the application ID for your Orchestrator instance from the CyberArk® PVWA (Password Vault Web Access) interface. See here for details.
- In the Safe field, enter the safe name as defined in the CyberArk® PVWA. See here for details.
- In the Folder field, enter the location in which your credentials are stored by CyberArk®.
-
Click Create. Your new credential store is ready for use.
CyberArk CCP
- In the Name field, type a name for the new credential store.
- In the App ID field, enter the application ID for your Orchestrator instance from the CyberArk® PVWA (Password Vault Web Access) interface. See here for details.
- In the CyberArk Safe field, enter the safe name as defined in the CyberArk® PVWA. See here for details.
- In the CyberArk Folder field, enter the location in which CyberArk® stores your credentials.
- In the Central Credential Provider URL field, enter the Central Credential Provider's address.
- In the Web Service Name field, enter the name of the Central Credential Provider web service. If you leave this field empty, the default name is used: AIMWebService.
- The Client Certificate needs to be configured when the the CyberArk Application uses the client certificate authentication method. The expected input is a
.pfx
file which stores the private and the public key of the certificate. The client certificate needs to be installed on the machine where CyberArk CCP AIMWebservice is deployed. - In the Client Certificate Password field, enter the password of the client certificate.
- The Server Root Certificate needs to be configured when a self signed Root CA certificate is used by the CyberArk CCP AIMWebService for incoming HTTP
requests. It is used in HTTPS TLS handshake certificate chain validation. The expected input is a
.crt
file which stores the root CA certificate public key. -
Click Create. Your new credential store is ready for use.
Azure Key Vault
Key Vault credential stores use RBAC type authentication. After you've created a service principal, perform these steps:
4. In the Name field, type a name for the new credential store.
https://<vault_name>.vault.azure.net/
.
6. In the Client Id field, enter the Application ID from your Azure AD App Registrations section where the Orchestrator app was registered.
7. In the Client Secret field, enter the secret needed to authenticate the client account entered in the previous step.
8. Click Create. Your new credential store is ready for use.
When using 2 or more credential stores, you have the ability to select which is the default store used for Robots and Assets. The same store may be used as the default for both, or you can select a different default store for each.
To select a default store, from the More Actions menu select Set as robots default store and/or Set as assets default store.
To delete a credential store, select Remove from the More Actions menu of the desired store.
If the selected store is in use a warning dialog will appear listing the number of robots and assets that will be affected. Click Delete to confirm the removal or Cancel to abort. Note that you must have at least one credential store active at all times, if only one is present than the option to delete it does not appear.