urbancode-conjur-aim
A plugin which allows UrbanCode Deploy to get credentials from EPV via AIM, and to get secrets from Conjur for setting up a CI/CD workflow
Compiling Source
gradle
Installation
- Login to UrbanCode Deploy web portal and go to "Settings > Automation Plugins"
- Click "Load Plugin". Select the complied plugin file and click "Submit"
- A new plugin named "CyberArk" is installed
Usage
The plugin can be used in process designer of "Process" & "Components", by dragging from the left menu area under "Security > CyberArk
AIM
Get Password from Vault
This function allows credentials to be retrieve from Vault server via AIM CP.
Input Fields
| Name | Description | Example |
|---|---|---|
| Name | Name of the step | Get Password from Vault |
| Path | Absolute file path to clipasswordsdk | /opt/CARKaim/sdk/clipasswordsdk |
| Safe | Safe of the credential stored | DevOps |
| Folder | Folder of the credential stored | Root |
| Object | Name of the credential object | Website-Conjur-httpseval.conjur.org-cf-spring-app-01 |
| AppID | AppID defined in PVWA | UCD |
| Output Property - Password | Property for storing retrieved credential | CyberArk/Vault/Password |
| Output Property - User Name | Property for storing retrieved username | CyberArk/Vault/User |
| Output Property - Address | Property for storing retrieved address | CyberArk/Vault/Address |
Output Fields
| Name | Description |
|---|---|
| <specified by "Output Property - Password", e.g. CyberArk/Vault/Password> | Value of the credential |
| <specified by "Output Property - User Name", e.g. CyberArk/Vault/User> | User Name of the credential |
| <specified by "Output Property - Address", e.g. CyberArk/Vault/Address> | Address of the credential |
Conjur
Authenticate Conjur
This step gets a short-lived access token, which can be used to authenticate requests to (most of) the rest of the Conjur API. A client can obtain an access token by presenting a valid login name and API key.
Input Fields
| Name | Description | Example |
|---|---|---|
| Name | Name of the step | Authenticate Conjur |
| Account | Organization account name | |
| Login | Host name for authenicating Conjur | cf-spring-app-01 |
| API Key | API Key for authenicating Conjur | |
| Conjur URL | URL of Conjur cluster | https://eval.conjur.org |
| Proxy | Proxy address for calling Conjur REST API. Leave it blank if direct connection is allowed | ipv4.124.244.113.228.hybrid-web.global.blackspider.com:80 |
| Output Property - Access Token | Property for storing the return access token | CyberArk/Conjur/AccessToken |
Output Fields
| Name | Description |
|---|---|
| <specified by "Output Property - Access Token", e.g. CyberArk/Conjur/AccessToken> | Short-lived access token |
Get Variable from Conjur
Input Fields
| Name | Description | Example |
|---|---|---|
| Name | Name of the step | Get Variable from Conjur |
| Account | Organization account name | |
| Access Token | Short-lived access token | |
| Variable ID | ID of the variable | db/prod/pws/db01/serviceA |
| Conjur URL | URL of Conjur cluster | https://eval.conjur.org |
| Proxy | Proxy address for calling Conjur REST API. Leave it blank if direct connection is allowed | ipv4.124.244.113.228.hybrid-web.global.blackspider.com:80 |
| Output Property - Variable | Property for storing the value of the secret | CyberArk/Conjur/Variable |
Output Fields
| Name | Description |
|---|---|
| <specified by "Output Property - Variable", e.g. CyberArk/Conjur/Variable> | Value of the secret |