Sync CyberArk Passwords to Azure Key Vault
This CyberArk CPM plugin pushes, updates, or syncs passwords from the CyberArk Vault to Azure Key Vault, so that a password rotated by the CPM is written to the matching Key Vault secret.
Prerequisites
- [Azure Az PowerShell Module](https://docs.microsoft.com/en-us/powershell/azure/install-az-ps?view=azps-8.0.0)
- PowerShell version 5.0 or later
- CyberArk CPM with Terminal Plugin Controller (TPC)
- Download the package and place the following files in the CPM bin folder:
  - UpdateAzKVProcess.ini
  - UpdateAzKVPrompts.ini
  - Update-AzKV.ps1
- An Azure AD or AD account with permission to update the secret in Azure Key Vault (grant only secret set/get on the target vault, nothing broader)
- Network connectivity from the CPM server to Azure (https://portal.azure.com)
Configuration
Add the KeyVaultName and SecretName File Categories on the Vault Server
- Log in to the PrivateArk Client and click File -> Server File Categories
- Click New and add two File Categories of type TEXT, named KeyVaultName and SecretName
Create New Service Account Platform
- Using the PrivateArk Client, retrieve Policies.xml from the PVWAConfig Safe. Edit Policies.xml and add the XML from Add_Policies.xml (the usage definition) inside the Usages tag.
Note: Keep a backup of Policies.xml before editing it.
Add Service Account Platform or Usage to the Account platform
On the desired platform, add the Usage Update-AzKV and ensure SearchForUsages is set to Yes.
- To add the Usage, log in to PVWA as a Vault Admin and navigate to Administration -> Platform Management. Select the platform and click Edit. Expand UI & Workflows, right-click Usages and add Update-AzKV.
- To check SearchForUsages, edit the platform and open Automatic Password Management -> General.
Add Azure Key Vault Usage
Once you have enabled the Update-AzKV Usage at the platform level:
- Open the Account (in the classic interface) whose password you want to push to Azure Key Vault
- Click Update-AzKV
- Add a usage with the Key Vault Name and Secret Name
- Associate the logon (Azure AD or AD) account that has permission to update the secret in the Azure Key Vault
- Click the Change button in the usage to test the push / update operation
If SearchForUsages is set to Yes, the password will be updated automatically in the Azure Key Vault on the next CPM password change.
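As an added example (not the plugin's own Update-AzKV.ps1), this is the core push operation the Change button triggers, written with Az cmdlets: sign in as the associated logon account, write the new secret version, and verify that the vault now serves that version. The function name, its parameters and the service-principal sign-in are assumptions.

```powershell
# Added example of the push step, using the Az module. Function name, parameters
# and the service-principal sign-in are assumptions, not the plugin's interface.
#Requires -Modules Az.Accounts, Az.KeyVault

function Sync-PasswordToAzKeyVault {
    param(
        [Parameter(Mandatory)] [string]       $KeyVaultName,  # File Category KeyVaultName
        [Parameter(Mandatory)] [string]       $SecretName,    # File Category SecretName
        [Parameter(Mandatory)] [securestring] $NewPassword,   # password the CPM just set
        [Parameter(Mandatory)] [pscredential] $LogonAccount,  # associated logon account
        [Parameter(Mandatory)] [string]       $TenantId
    )

    # Sign in as the associated logon account (a service principal is assumed here).
    # Least privilege: it only needs secret set/get on this vault (for example the
    # built-in "Key Vault Secrets Officer" RBAC role), nothing on the subscription.
    Connect-AzAccount -ServicePrincipal -Credential $LogonAccount -Tenant $TenantId `
        -ErrorAction Stop | Out-Null

    try {
        # Set-AzKeyVaultSecret creates a new secret version; earlier versions remain
        # in the vault, which is what an audit or a rollback relies on.
        $written = Set-AzKeyVaultSecret -VaultName $KeyVaultName -Name $SecretName `
            -SecretValue $NewPassword -ErrorAction Stop

        # Verify: the current version in the vault must be the one just written.
        $current = Get-AzKeyVaultSecret -VaultName $KeyVaultName -Name $SecretName -ErrorAction Stop
        if ($current.Version -ne $written.Version) {
            throw "Verification failed: vault serves version $($current.Version), expected $($written.Version)"
        }
        return $written.Version
    }
    finally {
        # Do not leave a cached Azure context on the CPM server between plugin runs.
        Disconnect-AzAccount -ErrorAction SilentlyContinue | Out-Null
    }
}

# Usage (all values are constructed placeholders):
# $sp  = Get-Credential   # application (client) ID as user name, client secret as password
# $pwd = Read-Host -AsSecureString -Prompt 'New password'
# Sync-PasswordToAzKeyVault -KeyVaultName 'kv-example' -SecretName 'svc-app01' `
#     -NewPassword $pwd -LogonAccount $sp -TenantId '00000000-0000-0000-0000-000000000000'
```

A non-zero exit or a thrown error from this step is what the CPM reports as a failed change, so keep the verification in place rather than trusting the write alone.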
- Author: NetSec
- URL: https://blog.51sec.org/article/7fb1006c-9bac-4741-bb95-61c345f67d51
- Copyright: All articles in this blog, except where stated otherwise, are published under the BY-NC-SA license. Please credit the source.