Passwords can be retrieved from CyberArk credential provider using REST API.
In the following note i’ll show how to get account details, including password or SSH-key, from CyberArk safe from the command line using curl.
To authenticate on CyberArk i will use certificate-based authentication method.
Get Password from CyberArk
Use one of the following commands to get all account details or retrieve a password value only from CyberArk credential provider.
Get account details from CyberArk:
$ curl -sSf --cacert "{{CACert}}" --cert "{{Cert}}" --key "{{Key}}" \
'{{BaseURL}}/AIMWebService/api/Accounts?AppID={{AppID}}&Safe={{Safe}}&Folder={{Folder}}&Object={{ObjectName}}' \
-H 'Content-Type: application/json'
Get password value only:
$ curl -sSf --cacert "{{CACert}}" --cert "{{Cert}}" --key "{{Key}}" \
'{{BaseURL}}/AIMWebService/api/Accounts?AppID={{AppID}}&Safe={{Safe}}&Folder={{Folder}}&Object={{ObjectName}}' \
-H 'Content-Type: application/json' | grep -Po '"Content":"\K[^"]+'
CyberARK Request Parameters
| Parameter | Description |
|---|---|
AppID |
The unique ID of the application issuing the password request |
Safe |
The name of the Safe where the password is stored |
Folder |
The name of the folder where the password is stored (default: Root) |
Object |
The name of the password object to retrieve |
More available parameters can be found here.
cURL Options
| Option | Description |
|---|---|
-s, --silent |
Don’t show progress meter or error messages |
-S, --show-error |
When used with -s, --silent, it makes curl show an error message if it fails |
-f, --fail |
Return an error if HTTP status code is not 200 |
-H, --header <header> |
Extra HTTP header to include in the request |
--cacert <file> |
CA bundle file |
--cert <file> |
Certificate file |
--key <file> |
Key file |
Hi,
This blog is really help me to GET only password from cyberark.
Thanks Author.
Lot Of Loves from Satya India.
how do i get appid without admin access into cyberark system
you don’t. Need the Admin to give you the AppID