CyberArk Dynamic Access Provider (DAP)

Agenda:

  • What is it?
  • Why do I need it?
  • How do I use it?

What is it?

CyberArk is a secrets* management tool. It lets you store your secrets securely and access them at app startup for use within the app.

* Secrets include, but are not limited to, passwords, tokens, keys, ids...

Why do I need it?

  1. Keeps your passwords out of GitHub!
  2. Adds an extra layer of security between your app and your secrets.
  3. 'Easier' to update / add new secrets.

CyberArk Setup

  • Engage the CyberArk Team to
    • Onboard your PCF Space
      • $ cf org --guid my-org
      • $ cf space --guid my-space
      • Include the LDAPs for LLC access
    • Create your secrets variables / placeholders

  • Submit ARP for your CyberArk SAFE dedicated
  • Set the value of your secret(s) in CyberArk
    • Production: https://pim.homedepot.com/passwordvault
    • Non-Production: https://pim-qa.homedepot.com/passwordvault
    • Bind the new CyberArk service

https://portal.homedepot.com/sites/Cyberark/Documents/CyberArk_DAP_PCF_EndUserGuide.pdf
https://homedepot.service-now.com/thd?id=thd_sc_cat_item&sys_id=96e2ffb61b45c814df4d744fdc4bcbb6

  • Create the CyberArk service in PCF
    • cf create-service cyberark-conjur community cyberark-dap

How do I use it with PCF?

  • Update manifest.yml
    • Buildpack
    • Bind the new service
  • Prepare the secrets.yml file(s)
  • PCF Logs From Start Up
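
An added example (not from the original slides) of what the manifest.yml and secrets.yml steps above can look like, with a hard-coded secret shown first for contrast. The app name, variable names and secret paths are placeholders, and the buildpack names `conjur_buildpack` and `java_buildpack` are assumptions that depend on what is installed on your foundation; only the service instance name `cyberark-dap` comes from the slides.

```yaml
# --- BEFORE: manifest.yml with a secret committed to source control (avoid) ---
applications:
- name: my-app                      # placeholder app name
  buildpacks:
  - java_buildpack                  # assumed language buildpack
  env:
    DB_USERNAME: app_user
    DB_PASSWORD: "S3cr3t-in-git"    # constructed value; readable by anyone with repo access

---
# --- AFTER: manifest.yml, no secret values, CyberArk service bound ---
applications:
- name: my-app
  buildpacks:
  - conjur_buildpack                # assumed name; listed before the final language buildpack
  - java_buildpack
  services:
  - cyberark-dap                    # instance created with `cf create-service` above

---
# --- AFTER: secrets.yml, holds references only, never secret values ---
# Each key becomes an environment variable at app start; `!var` marks a
# value to be fetched from CyberArk. The paths below are placeholders for
# the variables the CyberArk Team created for your space.
DB_USERNAME: !var <your-policy-path>/db-username
DB_PASSWORD: !var <your-policy-path>/db-password
```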