CyberArk Privilege Cloud Vault

  • Updated on May 27, 2025
  • Published on Jan 18, 2024
  • 2 minute(s) read
Prev Next

The CyberArk Privilege Cloud Vault integration enables Axonius to securely pull privileged credentials from CyberArk Privilege Cloud Vault. The integration helps to ensure that privileged credentials are secured in CyberArk Privilege Cloud Vault, rotated to meet company guidelines, and meet complexity requirements.

Description of Product Integration

Axonius uses the CyberArk Privilege Cloud API to fetch credentials from CyberArk Privilege Cloud Vault.

The credentials are only fetched by Axonius when:

  • Creating a new adapter connection
  • Updating an existing adapter connection
  • Running an enforcement set
  • Fetching asset information for adapters during discovery cycles

Axonius does not store the credentials anywhere and deletes any trace of credentials.


To enable fetching credentials from your CyberArk Privilege Cloud Vault, you need to:

  1. Install and configure CyberArk Privilege Cloud Vault.
  2. Configure login using CyberArk.
  3. Have 'read' permissions for the passwords.
  4. Enable and configure the External Password Managers - Enterprise Password Management Settings in Axonius.
  5. Configure adapter connection credentials to fetch passwords from CyberArk Privilege Cloud Vault.

Enable CyberArk Privilege Cloud Vault Integration

Follow the guidelines in External Password Managers - Enterprise Password Management Settings to enable CyberArk Privilege Cloud Vault integration and allow Axonius to securely pull privileged credentials from CyberArk Privilege Cloud Vault.

Working with CyberArk Privilege Cloud Vault

Once the CyberArk Privilege Cloud Vault integration is enabled in Axonius, a new CyberArk Privilege Cloud Vault icon will appear in all password fields when configuring adapters or configuring Enforcement sets, allowing you to enter a password manually or to fetch the secret from CyberArk Privilege Cloud Vault. If you have configured more than one domain (tenant) for this vault, a vault icon Vaulticon.png will appear in the password field (same as when you configure more than one password manager).

CyberArk%20PrivCloud

To fetch the password from CyberArk Privilege Cloud Vault:

  1. In a password field, click the CyberArk Privilege Cloud Vault icon. If you have configured more than one password manager (including more than one domain of the CyberArk Privilege Cloud), click the vault icon Vaulticon.png and select the required CyberArk Privilege Cloud Vault from the drop-down.
    ChooseVault.png

A CyberArk Privilege Cloud Vault dialog opens for the selected vault.

CyberArkValut2

  1. In the dialog, specify the following parameters:

    1. Account ID (required) - The account the password belongs to. It uses the endpoints login and get password.

  2. Click Fetch.

    • If the fetch is successful, a green indication is displayed next to the CyberArk Privilege Cloud Vault icon. Hovering over the CyberArk Privilege Cloud Vault icon shows the credentials that you input.
  • If the fetch is unsuccessful, a red indication is displayed next to the CyberArk Privilege Cloud Vault icon. Hovering over the Click CyberArk Privilege Cloud Vault icon shows the error.

CyberArkOnlineValut3

Note:
Typing or deleting any character in the textbox will change the password field back to a manual password input.