Reference » Integrations » Enterprise Password Vault
The CyberArk Digital Enterprise Password Vault® (EPV) integration with Conjur expands the CyberArk Privileged Account Security to the DevOps space and to modern and dynamic environments. Secrets that are stored and managed in the CyberArk Vault can now be shared with Conjur and used via its clients, APIs, and SDKs to enhance security and reduce risks for DevOps environments, including continuous integration and delivery (CI/CD) pipelines, containerized applications, and cloud platforms.
This integration provides the following benefits:
Enables CyberArk customers who store and manage their secrets in the Enterprise Password Vault (EPV) to benefit from Conjur capabilities to provide secrets in dynamic and ephemeral environments and containers.
Enables central policy enforcement for DevOps use cases, such as rotation, monitoring, and auditing.
How It Works
- Vault Admin creates LOB users and grants them ownership to specific safes. These LOBs facilitate the syncing of accounts to Conjur.
- The Synchronizer retrieves the accounts for these LOBs.
- The Synchronizer generates a Conjur policy (YAML file) for these LOBs that contains the secrets defined as variables, and loads them to Conjur.
- The Synchronizer syncs the accounts to Conjur as Conjur variables.
- The Conjur LOB Admin creates and loads a Conjur policy that delegates users and hosts permissions to the variables.
During each sync interval, the Synchronizer repeats step 2 and, if needed, steps 3 and 4.
For complete documentation, see: