Integrating with CyberArk Enterprise Password Vault
CyberArk Enterprise Password Vault (CyberArk Vault) is a third-party application that enables you to centrally manage credentials for the various systems that are installed in your environment. BMC Discovery provides an integration with CyberArk Vault to obtain credentials that are required to perform scans.
The integration eliminates the duplicate work of using an external import or export mechanism to obtain the credentials that are stored in CyberArk Vault. The CyberArk Vault also enables you to employ the password management policies required for your organization.
CyberArk uses the term Vault to refer to the CyberArk server component, which holds information securely (all "Safes" reside in the Vault). This should not be confused with the BMC Discovery Vault.
See this video (4:40) for a demonstration of the integration between BMC Discovery and the CyberArk Vault.
To integrate CyberArk Vault with BMC Discovery
- Install and configure the CyberArk Application Identity Manager Provider – In the BMC Discovery application, first install the AIM component and configure the settings to prepare BMC Discovery to get the credentials from CyberArk.
- Enable and test CyberArk Integration from BMC Discovery – In the BMC Discovery application, complete the integration configuration by enabling and testing the connection.
- Configure BMC Discovery to use CyberArk credentials – After the connection is successful, you configure credentials in BMC Discovery that in turn fetch credentials from CyberArk. Instead of using a username and password, you use a query to perform the task.
CyberArk Vault log settings
Busy BMC Discovery systems take many credentials from the CyberArk Vault and, as a result, create many log file entries. In such systems, the default CyberArk log retention policies may allow the logs, which are stored on the BMC Discovery appliance, to become very large and fill up available disk space. You can prevent this from happening by changing the following log retention settings to a shorter time than the default, for example, change them to seven days:
You can change these settings in the CyberArk Vault. See the CyberArk documentation for details on how to do this.