CyberArk: Get Password – cURL – Cert-Based Auth

Passwords can be retrieved from CyberArk credential provider using REST API.

In the following note i’ll show how to get account details, including password or SSH-key, from CyberArk safe from the command line using curl.

To authenticate on CyberArk i will use certificate-based authentication method.

Get Password from CyberArk

Use one of the following commands to get all account details or retrieve a password value only from CyberArk credential provider.

Get account details from CyberArk:

$ curl -sSf --cacert "{{CACert}}" --cert "{{Cert}}" --key "{{Key}}" \
  '{{BaseURL}}/AIMWebService/api/Accounts?AppID={{AppID}}&Safe={{Safe}}&Folder={{Folder}}&Object={{ObjectName}}' \
  -H 'Content-Type: application/json'

Get password value only:

$ curl -sSf --cacert "{{CACert}}" --cert "{{Cert}}" --key "{{Key}}" \
  '{{BaseURL}}/AIMWebService/api/Accounts?AppID={{AppID}}&Safe={{Safe}}&Folder={{Folder}}&Object={{ObjectName}}' \
  -H 'Content-Type: application/json' | grep -Po '"Content":"\K[^"]+'

CyberARK Request Parameters

Parameter	Description
AppID	The unique ID of the application issuing the password request
Safe	The name of the Safe where the password is stored
Folder	The name of the folder where the password is stored (default: Root)
Object	The name of the password object to retrieve

More available parameters can be found here.

cURL Options

Option	Description
-s, --silent	Don’t show progress meter or error messages
-S, --show-error	When used with -s, --silent, it makes curl show an error message if it fails
-f, --fail	Return an error if HTTP status code is not 200
-H, --header <header>	Extra HTTP header to include in the request
--cacert <file>	CA bundle file
--cert <file>	Certificate file
--key <file>	Key file