Using CyberArk for Credential Management Service

Use the credential management service, CyberArk Application Access Manager, to achieve the security in storing the passwords, automatically replace the passwords, and so on. The CyberArk credential management service is more secure than the passwords in clear text format stored in the configuration files.

Before you begin
  • Set up the CyberArk account to create a password. To know more, visit the https://www.cyberark.com/ website.
  • Configure the following environment variables for your application in TIBCO Cloud™ Integration. To set the engine variables, refer the Adding Custom Properties section in the Configuring App Properties topic.

    • APP_CONFIG_PROFILE = Name of the application profile to be used

    • CYBERARK = Set to true to enable CyberArk credential management service

Follow these steps to modify the properties of a field type password.
  • To fetch the password from the credential management service, in the application property editor, select the property of type Password and click .
  • Choose the Credential Management option.

    The Set Credential Management icon is displayed next to the password type field.

  • Click the Set Credential Management icon. The Credential Management window is displayed.
    After implementing Java methods, you can proceed to design the process in the Process Editor.

  • On the Credential Management window, select the credential management service provider, CyberArk, and enter the Cyberark URL in the URL field.

  • Click OK.

    • Note: The query URL configured for a property can be updated during deployment by passing it as an environment variable. The name of the environment variable should be same as the name of the property that needs to be updated.

    To update the CyberArk URL, the format for the environment variable is as follows <ApplicationModuleName>_<ApplicationProfileName>_<PropertyName>= NEW URL.

    If the module property or property name has a slash (/) or dot (.) as a separator in between it should be replaced with the underscore (_) separator. For example, an application cyberark.test.application is having a property in under newGroup/newProperty Groups and the profile is set to default. The environment variable should be cyberark_test_default_newGroup_newProperty=<Updated URL>.