CyberArk: Get Password – cURL – Cert-Based Auth

Passwords can be retrieved from CyberArk credential provider using REST API.

In the following note i’ll show how to get account details, including password or SSH-key, from CyberArk safe from the command line using curl.

To authenticate on CyberArk i will use certificate-based authentication method.

Get Password from CyberArk

Use one of the following commands to get all account details or retrieve a password value only from CyberArk credential provider.

Get account details from CyberArk:

$ curl -sSf --cacert "{{CACert}}" --cert "{{Cert}}" --key "{{Key}}" \
  '{{BaseURL}}/AIMWebService/api/Accounts?AppID={{AppID}}&Safe={{Safe}}&Folder={{Folder}}&Object={{ObjectName}}' \
  -H 'Content-Type: application/json'

Get password value only:

$ curl -sSf --cacert "{{CACert}}" --cert "{{Cert}}" --key "{{Key}}" \
  '{{BaseURL}}/AIMWebService/api/Accounts?AppID={{AppID}}&Safe={{Safe}}&Folder={{Folder}}&Object={{ObjectName}}' \
  -H 'Content-Type: application/json' | grep -Po '"Content":"\K[^"]+'

CyberARK Request Parameters

Parameter Description
AppID The unique ID of the application issuing the password request
Safe The name of the Safe where the password is stored
Folder The name of the folder where the password is stored (default: Root)
Object The name of the password object to retrieve

More available parameters can be found here.

cURL Options

Option Description
-s, --silent Don’t show progress meter or error messages
-S, --show-error When used with -s, --silent, it makes curl show an error message if it fails
-f, --fail Return an error if HTTP status code is not 200
-H, --header <header> Extra HTTP header to include in the request
--cacert <file> CA bundle file
--cert <file> Certificate file
--key <file> Key file
Was it useful? Share this post with the world!

3 Replies to “CyberArk: Get Password – cURL – Cert-Based Auth”

  1. Hi,
    This blog is really help me to GET only password from cyberark.
    Thanks Author.

    Lot Of Loves from Satya India.

  2. how do i get appid without admin access into cyberark system

    1. you don’t. Need the Admin to give you the AppID

Leave a Reply