Skip to main content

CyberArk Conjur Configuration

Set up an External Vault Connection

In this chapter, you will connect DCM to your CyberArk Conjur instance, so that later you can fetch authentication data from CyberArk Conjur to your workflow.

  1. Open DCM by going to File - Manage Connections.

  2. Select External Vaults.

  3. Select the + New button to add a new Vault to DCM.

  4. Choose the CyberArk Conjur technology.

  5. Enter a custom name for this Vault connection.

  6. Next, enter the URL where your CyberArk Conjur is located and select Save.

    Both HTTP and HTTPS are supported, although with HTTPS, make sure you have a valid certificate configured on your machine in the Windows certificate store is used, or all instances are trusted. installed locally on each machine connecting to Conjur. No need to manually import/enter the certificate into DCM directly. More on Conjur certificates here.

    For examplehttps://127.0.0.1:3000

  7. Select + Connect Credential and choose Create New Credential in the Credential dropdown.

  8. Fill in the fields (the username and password you use to access CyberArk Conjur).

  9. Select Create and Link.

    From now on, you will be able to select this newly created Vault when you create new Credentials.

Cyberark Configuration_1

Create New Credential with an External Vault

In this chapter, you will create a new DCM Credential, which will use the External Vault connection to get authentication data from CyberArk Conjur.

  1. Open DCM by going to File - Manage Connections.

  2. Select Credentials in the top-left corner.

  3. Select the + Add Credential button to add a new Credential.

  4. Enter a name for your new Credential.

  5. In the Vault dropdown, choose the Conjur instance you created in the previous chapter.

  6. Fill in the Vault Path field with the path to the authentication data in your CyberArk Conjur. The path should always be prefixed by the account name followed by the text “variable”, followed by the actual path under that account, in order to reach the right Conjur secret.

    For example, if I have a username and password for my Microsoft SQL database saved in Conjur, the path could be this: "alteryx/variable/sql/userpass"

  7. Next, choose your preferred Method of authentication. This method should match the authentication data you want to fetch from Conjur.

    For example, if I want to get the Username and Password from Conjur, I will select the "Username and password" option.

  8. Make sure the Use Values from Vault checkbox is enabled, if you want the authentication data to be fetched from Conjur. Then, each corresponding field should contain the key, under which is the value saved in your Conjur.

    For example, if my Username is saved in Conjur under a key named "SQLUsername1", then I will check "Use Values from Vault" and enter "SQLUsername1" in the Username field.

  9. Select Save.

    From now on, you will be able to use this newly created Credential for a corresponding Data Source when you configure a workflow tool.

Cyberark Configuration_2

Use the Credential in a Workflow

In this chapter, you will use your new Credential in a workflow. This flow is identical to using a Credential stored in DCM.

  1. Start by creating a new Workflow, and adding some input or output data tools.

    For example, I can add an Input Data tool

  2. Make sure the tool is configured to use DCM (enable the Use Data Connection Manager (DCM) checkbox in my Input Data tool).

  3. Setting up your connection, choose your desired technology.

    For example, I will select "MSSQL Server Quick Connect" in my Input Data tool

  4. Once the Connection Manager window opens, choose an existing Data Source or create a new one.

  5. Select + Connect Credential and choose the credential created in the previous chapter (the one that gets authentication data from Conjur).

    For example, I will select the Credential that I named "John's MSSQL creds".

  6. Select Create and Link.

  7. Selet Connect.

  8. Now, the connection is set up. You can proceed to configure any specific details related to your data source technology (e.g. select database table, record limit, etc.).

    Once your workflow is ready, run it to see if you correctly authenticate to your Data Source using Credentials obtained from your CyberArk Conjur.