CyberArk: Get Password – cURL – Cert-Based Auth

Passwords can be retrieved from CyberArk credential provider using REST API.

In the following note i’ll show how to get account details, including password or SSH-key, from CyberArk safe from the command line using curl.

To authenticate on CyberArk i will use certificate-based authentication method.

Get Password from CyberArk

Use one of the following commands to get all account details or retrieve a password value only from CyberArk credential provider.

Get account details from CyberArk:

$ curl -sSf --cacert "{{CACert}}" --cert "{{Cert}}" --key "{{Key}}" \
  '{{BaseURL}}/AIMWebService/api/Accounts?AppID={{AppID}}&Safe={{Safe}}&Folder={{Folder}}&Object={{ObjectName}}' \
  -H 'Content-Type: application/json'

Get password value only:

$ curl -sSf --cacert "{{CACert}}" --cert "{{Cert}}" --key "{{Key}}" \
  '{{BaseURL}}/AIMWebService/api/Accounts?AppID={{AppID}}&Safe={{Safe}}&Folder={{Folder}}&Object={{ObjectName}}' \
  -H 'Content-Type: application/json' | grep -Po '"Content":"\K[^"]+'

CyberARK Request Parameters

Parameter Description
AppID The unique ID of the application issuing the password request
Safe The name of the Safe where the password is stored
Folder The name of the folder where the password is stored (default: Root)
Object The name of the password object to retrieve

More available parameters can be found here.

cURL Options

Option Description
-s, --silent Don’t show progress meter or error messages
-S, --show-error When used with -s, --silent, it makes curl show an error message if it fails
-f, --fail Return an error if HTTP status code is not 200
-H, --header <header> Extra HTTP header to include in the request
--cacert <file> CA bundle file
--cert <file> Certificate file
--key <file> Key file