Passwords can be retrieved from the CyberArk credential provider using its REST API.
In this note I'll show how to get account details, including a password or SSH key, from a CyberArk Safe from the command line using curl.
To authenticate to CyberArk I will use the certificate-based authentication method.
Get Password from CyberArk
Use one of the following commands to get all account details, or to retrieve only the password value, from the CyberArk credential provider.
Get account details from CyberArk:
$ curl -sSf --cacert "{{CACert}}" --cert "{{Cert}}" --key "{{Key}}" \
    '{{BaseURL}}/AIMWebService/api/Accounts?AppID={{AppID}}&Safe={{Safe}}&Folder={{Folder}}&Object={{ObjectName}}' \
    -H 'Content-Type: application/json'
Get password value only:
$ curl -sSf --cacert "{{CACert}}" --cert "{{Cert}}" --key "{{Key}}" \
    '{{BaseURL}}/AIMWebService/api/Accounts?AppID={{AppID}}&Safe={{Safe}}&Folder={{Folder}}&Object={{ObjectName}}' \
    -H 'Content-Type: application/json' | grep -Po '"Content":"\K[^"]+'
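The grep pattern above returns the raw JSON text up to the first double quote, so a password that contains a quote or a backslash comes back truncated or still escaped. The Python sketch below is an added example, not part of the original note or CyberArk's code: it percent-encodes the query parameters and decodes Content with a JSON parser. The function names, the sample response body, its UserName field and the host name used in testing are constructed for illustration.

```python
import json
import re
from urllib.parse import quote, urlencode

# Constructed sample response body. Only the "Content" key is taken from the
# note; the UserName field and all values are made up for this example.
SAMPLE_BODY = r'{"Content":"p\"ss\\w0rd\u0021","UserName":"svc_app"}'

# Same match as: grep -Po '"Content":"\K[^"]+'
GREP_PATTERN = re.compile(r'"Content":"([^"]+)')


def build_ccp_url(base_url, app_id, safe, obj, folder="Root"):
    """Build the Accounts URL with every parameter value percent-encoded,
    so a Safe or Object name containing '&', '/' or spaces stays one value."""
    params = {"AppID": app_id, "Safe": safe, "Folder": folder, "Object": obj}
    query = urlencode(params, quote_via=quote)
    return f"{base_url.rstrip('/')}/AIMWebService/api/Accounts?{query}"


def grep_style_content(body):
    """What the grep one-liner yields: raw text up to the next double quote."""
    match = GREP_PATTERN.search(body)
    return match.group(1) if match else None


def json_content(body):
    """Parse the response as JSON and return the unescaped Content value."""
    doc = json.loads(body)
    if not isinstance(doc, dict) or not isinstance(doc.get("Content"), str):
        raise ValueError("response has no string 'Content' field")
    return doc["Content"]


if __name__ == "__main__":
    # Compare both extraction methods on the constructed sample only.
    print("grep-style:", grep_style_content(SAMPLE_BODY))
    print("json      :", json_content(SAMPLE_BODY))
```

To use it with the curl command above, save the response body to a variable or pipe it into a small wrapper that calls json_content, rather than printing the secret to the terminal.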
CyberArk Request Parameters
Parameter | Description |
---|---|
AppID | The unique ID of the application issuing the password request |
Safe | The name of the Safe where the password is stored |
Folder | The name of the folder where the password is stored (default: Root) |
Object | The name of the password object to retrieve |
More available parameters can be found here.
cURL Options
Option | Description |
---|---|
-s, --silent | Don’t show progress meter or error messages |
-S, --show-error | When used with -s, --silent, makes curl show an error message if it fails |
-f, --fail | Return an error if HTTP status code is not 200 |
-H, --header <header> | Extra HTTP header to include in the request |
--cacert <file> | CA bundle file |
--cert <file> | Certificate file |
--key <file> | Key file |