Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Select an option

  • Save budgester/72de8ecdcb664a4e9430d5f6c5d46bf0 to your computer and use it in GitHub Desktop.

Select an option

Save budgester/72de8ecdcb664a4e9430d5f6c5d46bf0 to your computer and use it in GitHub Desktop.
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
name: cyberark-ccp
spec:
provider:
webhook:
url: "https://ccp.example.com/AIMWebService/api/Accounts\
?AppID=MyApp\
&Safe=MySafe\
&Object={{ .remoteRef.key }}"
method: GET
result:
jsonPath: "$.Content" # CCP returns the password in this field
caBundle: "..." # Base64 PEM CA cert if CCP uses internal TLS
# CCP can use client cert auth instead of a token
secrets:
- name: client-cert
secretRef:
name: ccp-client-cert
key: tls.crt
- name: client-key
secretRef:
name: ccp-client-cert
key: tls.key
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment