CyberArk Enterprise Password Vault

You can integrate Prisma Cloud with CyberArk Enterprise Password Vault (EPV). To retrieve passwords from the vault, Prisma Cloud uses the CyberArk Central Credential Provider (CCP) web service. Prisma Cloud supports CyberArk CCP version 12.1.0 with Digital Vault version 12.2.0. To integrate with CyberArk EPV, first configure Prisma Cloud to access CyberArk Enterprise Password Vault, then create rules to inject the relevant secrets into the relevant containers.
  1. In Console, go to Manage > Authentication > Secrets.
  2. Click Add store.
    1. Enter a name for the vault. This name is used when you create rules to inject secrets into specific containers.
    2. For Secret type, select CyberArk Enterprise Password Vault.
    3. In Settings, fill out the form as follows:
      1. Address: the address and port of the Central Credential Provider web service.
      2. Application ID: The application ID that Prisma Cloud should use to issue each password request. To configure this for CCP 12.1, see here.
      3. CA certificate (Optional): for an application configured to authenticate using a client certificate, the certificate of the CA that signed the CyberArk server’s certificate in PEM format. For more information about this authentication method for CCP 12.1 see here.
      4. Client certificate (Optional): for an application configured to authenticate using a client certificate, the client certificate in PEM format.
    4. Click Add.
       After clicking Add, Prisma Cloud tries connecting to your vault. If the connection succeeds, the dialog closes and an entry is added to the table. Otherwise, any connection errors are displayed directly in the configuration dialog.
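
An added example, not taken from the Prisma Cloud or CyberArk documentation: a shell pre-flight for the certificate fields above, checking that a file is PEM rather than DER and that the CA certificate in it actually signed the server certificate. The function names and the generated sample certificates are constructed for illustration, and the openssl command-line tool is assumed to be installed.

```shell
# Pre-flight checks for the PEM values entered in the store settings.
# All function names are illustrative (not part of Prisma Cloud or CyberArk).

# Succeeds only if file $1 is a PEM-encoded X.509 certificate (DER is rejected).
is_pem_cert() {
  grep -q -- '-----BEGIN CERTIFICATE-----' "$1" &&
    openssl x509 -in "$1" -inform PEM -noout >/dev/null 2>&1
}

# Succeeds only if the certificate in $2 verifies against the CA certificate in $1.
ca_signed() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds only if the certificate in $1 is still valid $2 seconds from now.
valid_for() {
  openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# Constructed sample material so the checks run offline: a throwaway CA, a
# server certificate it signs, an unrelated CA, and a DER copy of the first CA.
# Against a real deployment, server.pem would be the certificate that the
# CCP web service presents.
make_samples() {
  d=$(mktemp -d) || return 1
  for ca in ca other-ca; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-$ca" \
      -keyout "$d/$ca.key" -out "$d/$ca.pem" >/dev/null 2>&1 || return 1
  done
  openssl req -newkey rsa:2048 -nodes -subj "/CN=ccp.example.test" \
    -keyout "$d/server.key" -out "$d/server.csr" >/dev/null 2>&1 || return 1
  openssl x509 -req -in "$d/server.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/server.pem" >/dev/null 2>&1 || return 1
  openssl x509 -in "$d/ca.pem" -outform DER -out "$d/ca.der" || return 1
  echo "$d"
}

SAMPLES=$(make_samples)
for f in ca.pem ca.der; do
  is_pem_cert "$SAMPLES/$f" && echo "$f: PEM certificate" || echo "$f: not PEM"
done
ca_signed "$SAMPLES/ca.pem" "$SAMPLES/server.pem" && echo "ca.pem signed server.pem"
ca_signed "$SAMPLES/other-ca.pem" "$SAMPLES/server.pem" || echo "other-ca.pem did not"
valid_for "$SAMPLES/server.pem" 3600 && echo "server.pem valid for the next hour"
```

The same `is_pem_cert` and `valid_for` checks apply to the client certificate before it is pasted into the form.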