TheMediocreCoder/Sync-CyberArk-Password-Azure-KeyVault-Secret: Push / Update CyberArk Passwords to Azure Key Vault
Dec 4, 2023
Dec 7, 2023

Sync CyberArk Passwords in Azure Key Vault

This CyberArk CPM plugin pushes, updates or syncs passwords from the CyberArk Vault to Azure Key Vault.

Prerequisites

  1. Azure Az PowerShell Module (https://docs.microsoft.com/en-us/powershell/azure/install-az-ps?view=azps-8.0.0)
  2. PowerShell version 5.0+
  3. CyberArk CPM - TPC
  4. Download the package and place the files below in the CPM bin folder:
     • UpdateAzKVProcess.ini
     • UpdateAzKVPrompts.ini
     • Update-AzKV.ps1
  5. Azure AD or AD account with permission to update the secret in Azure Key Vault
  6. Network connectivity from the CPM server to Azure (https://portal.azure.com)

Configuration

Add KeyVaultName and SecretName File Category in Vault Server

  1. Log in to the PrivateArk Client and click File -> Server File Categories.
  2. Add two new TEXT-type File Categories by clicking the New button; name the first KeyVaultName and the second SecretName.

Create New Service Account Platform

  1. Using the PrivateArk Client, retrieve and save Policies.xml from the PVWAConfig Safe. Edit Policies.xml and add the XML from Add_Policies.xml (the usage definition) inside the Usages tag.
Note: Ensure you keep a backup of Policies.xml before editing it.

Add Service Account Platform or Usage to the Account platform

On the desired platform, add the usage Update-AzKV and ensure SearchForUsages is set to Yes.
  1. To add the usage, log in to PVWA as a Vault Admin and navigate to Administration -> Platform Management. Select the platform and click Edit. Expand UI & Workflows, right-click Usages and add Update-AzKV.
  2. To check SearchForUsages, in the same platform editor go to Automatic Password Management -> General.

Add Azure Key Vault Usage

Once you have enabled the Update-AzKV usage at platform level:
  1. Open the account (in the classic interface) whose password you want to push to Azure Key Vault.
  2. Click Update-AzKV.
  3. Add a usage with the Key Vault Name and Secret Name.
  4. Associate the logon account (Azure AD or AD) that has permission to update the secret in the Azure Key Vault.
  5. Click the Change button in the usage to test the push / update operation.
If SearchForUsages is set to Yes, the password will be updated automatically in the Azure Key Vault on the next CPM-performed password change.
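Before wiring the usage into CPM, it helps to exercise the same push / update operation by hand with the logon account, so that a failing Change button can be attributed to Key Vault permissions, network reachability or a wrong vault/secret name rather than to the platform configuration. The script below is an added example written for this page; it is not the plugin's own Update-AzKV.ps1 and makes no claim about how that script is structured. It uses only Az.Accounts and Az.KeyVault cmdlets from the Az module listed in the prerequisites, and the parameter names ($VaultName, $SecretName, $TenantId) are assumptions mirroring the KeyVaultName and SecretName file categories.

```powershell
#Requires -Modules Az.Accounts, Az.KeyVault
# Added example, not the plugin's code: manually perform one push/update of a
# Key Vault secret with the logon account and prove the write landed.
param(
    [Parameter(Mandatory)] [string] $VaultName,   # same value as the KeyVaultName file category (assumed name)
    [Parameter(Mandatory)] [string] $SecretName,  # same value as the SecretName file category (assumed name)
    [Parameter(Mandatory)] [string] $TenantId     # Azure AD tenant of the logon account (assumed name)
)

# Logon account = the Azure AD / AD identity that will be associated with the usage.
# Connect-AzAccount -Credential only works for accounts without interactive MFA,
# which is also the constraint CPM operates under when it runs unattended.
$logon = Get-Credential -Message "Logon account that may set the secret"
Connect-AzAccount -Credential $logon -TenantId $TenantId -ErrorAction Stop | Out-Null

try {
    # Keep the new value as a SecureString; never place it in a plain string or in logs.
    $newValue = Read-Host -Prompt "New secret value" -AsSecureString

    # Read the current version (if the secret exists yet) so the update can be verified.
    $before = Get-AzKeyVaultSecret -VaultName $VaultName -Name $SecretName -ErrorAction SilentlyContinue

    # Set-AzKeyVaultSecret always creates a new secret version; it never edits one in place.
    $after = Set-AzKeyVaultSecret -VaultName $VaultName -Name $SecretName -SecretValue $newValue -ErrorAction Stop

    # A changed version id is the proof that the push/update was applied.
    if ($before -and $before.Version -eq $after.Version) {
        throw "Secret version did not change; the update was not applied."
    }

    [pscustomobject]@{
        Vault           = $VaultName
        Secret          = $SecretName
        PreviousVersion = if ($before) { $before.Version } else { '<none>' }
        NewVersion      = $after.Version
        Updated         = $after.Updated
    }
}
finally {
    # Do not leave the logon account's token cached on the CPM server.
    Disconnect-AzAccount -ErrorAction SilentlyContinue | Out-Null
}
```

Run it once from the CPM server itself, not from an admin workstation, so that the test covers the same network path CPM will use. For the permissions in prerequisite 5, this operation needs only "set" on secrets (plus "get" for the read-back above); with Key Vault RBAC the built-in Key Vault Secrets Officer role scoped to the single vault is sufficient, and a broader role on the subscription is not required.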