This CyberArk CPM plugin can push, update, or sync passwords from the CyberArk Vault to Azure Key Vault.
- [Azure Az PowerShell Module](https://docs.microsoft.com/en-us/powershell/azure/install-az-ps?view=azps-8.0.0)
- PowerShell version v5.0+
- CyberArk CPM - TPC
- Download the package and place the files below in the CPM bin folder:
  - UpdateAzKVProcess.ini
  - UpdateAzKVPrompts.ini
  - Update-AzKV.ps1
- Azure AD or AD account with permission to update the secret in Azure Key Vault
- Connection from CPM server to Azure (https://portal.azure.com)
- Log in to the PrivateArk Client and click File -> Server File Categories.
- Add two new File Categories of type TEXT by clicking the New button. Name the first KeyVaultName and the second SecretName.
- Using the PrivateArk Client, retrieve and save Policies.xml from the PVWAConfig Safe. Edit Policies.xml and add the XML code from Add_Policies.xml (usage) inside the Usages tag.
Note: Ensure you keep a backup of Policies.xml
On the desired platform, add the Usage Update-AzKV and ensure SearchForUsage is set to Yes.
- To add the Usage, log in to PVWA as a Vault Admin and navigate to Administration -> Platform Management. Select the platform and edit it. Expand UI & Workflows, right-click Usages and add Update-AzKV.
- To check SearchForUsages, go to Edit Platform -> Automatic Password Management -> General.
Once you have enabled the Update-AzKV Usage at the platform level:
- Open the Account (in classic interface) whose password you want to push to Azure Key Vault
- Click on Update-AzKV
- Add a usage with the details Key Vault Name & Secret Name
- Associate the logon (Azure AD or AD) account that has permission to update the secret in the Azure Key Vault
- Click on the Change button in the usage to test the push / update operation.
If SearchForUsage is set to Yes, the password is automatically updated in the Azure Key Vault on the next password change performed by the CPM.
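
A pre-flight check for the prerequisites listed at the top of this page, to run on the CPM server before enabling the usage. This is an added example, not part of the plugin package. It assumes the plugin needs the `Az.Accounts` and `Az.KeyVault` sub-modules of Az, and `$CpmBinPath` is a parameter you supply for your own installation.

```powershell
# Added example: verifies the plugin prerequisites on the CPM server.
# Assumptions: $CpmBinPath is the bin folder of your CPM installation;
# Az.Accounts and Az.KeyVault are the Az sub-modules the plugin relies on.
param(
    [Parameter(Mandatory = $true)] [string] $CpmBinPath,
    [string] $AzureHost = 'portal.azure.com'   # endpoint named in the prerequisites
)

function New-Check([string] $Name, [bool] $Passed, [string] $Detail) {
    [pscustomobject]@{ Check = $Name; Passed = $Passed; Detail = $Detail }
}

$results = @()

# Prerequisite: PowerShell v5.0+
$ver = $PSVersionTable.PSVersion
$results += New-Check 'PowerShell 5.0+' ($ver.Major -ge 5) "found $ver"

# Prerequisite: Azure Az PowerShell module visible to the current account
foreach ($name in 'Az.Accounts', 'Az.KeyVault') {
    $mod = Get-Module -ListAvailable -Name $name |
        Sort-Object Version -Descending | Select-Object -First 1
    $detail = if ($mod) { "version $($mod.Version)" } else { 'not installed' }
    $results += New-Check "Module $name" ([bool] $mod) $detail
}

# Prerequisite: the three plugin files are present in the CPM bin folder
foreach ($file in 'UpdateAzKVProcess.ini', 'UpdateAzKVPrompts.ini', 'Update-AzKV.ps1') {
    $path = Join-Path $CpmBinPath $file
    $ok = Test-Path -LiteralPath $path -PathType Leaf
    $results += New-Check "File $file" $ok $path
}

# Prerequisite: outbound HTTPS from the CPM server to Azure
$reachable = Test-NetConnection -ComputerName $AzureHost -Port 443 `
    -InformationLevel Quiet -WarningAction SilentlyContinue
$results += New-Check "TCP 443 to $AzureHost" ([bool] $reachable) 'direct connection, no proxy'

$results | Format-Table -AutoSize
if ($results.Passed -contains $false) { exit 1 }   # non-zero exit when any check fails
```

Run it under the same Windows account as the CPM service, since modules installed with CurrentUser scope are not visible to other accounts.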