env-vars.sh
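# Edit this file, substituting correct values for '<<YOUR_VALUE_HERE>>'.
#
# Deployment selector: set to 'true' for self-hosted PAM, 'false' for Pcloud.
export SELF_HOSTED_PAM="false"

# Compare the flag as a string instead of running its value as a command
# (`if $SELF_HOSTED_PAM`). With the command form, whatever text ends up in the
# variable is executed, and an empty value counts as success and selects the
# self-hosted branch. Here only the literal 'true' selects self-hosted.
if [[ "$SELF_HOSTED_PAM" == "true" ]]; then
  ENV_TAG="Self-Hosted"
  # Base URL of your self-hosted PAM server; the /PasswordVault/... API paths
  # are appended to it further down.
  # e.g. https://myonpremserver.mycompany.com
  SELF_HOSTED_BASE_URL='<<YOUR_VALUE_HERE>>'
else
  ENV_TAG="Pcloud"
  # Base URL of your CyberArk Identity tenant
  # e.g. https://aao4987.id.cyberark.cloud
  export IDENTITY_TENANT_URL='<<YOUR_VALUE_HERE>>'
  # Base URL of your CyberArk Privilege Cloud tenant
  # e.g. https://mypcloud.cyberark.cloud
  PCLOUD_TENANT_URL='<<YOUR_VALUE_HERE>>'
fi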
###########################################################
# THERE SHOULD BE NO NEED TO CHANGE ANYTHING BELOW THIS LINE.
# ALL VALUES BELOW ARE DERIVED FROM THOSE ABOVE
# OR PROMPTED FOR.
###########################################################
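###########################################################
# A CyberArk admin user is needed for all vault administration.
# The admin user must be a Service user & OAuth2 confidential client
# in CyberArk Identity and must be granted the Privilege Cloud Administrator
# role.

# Prompt for the admin user name unless CYBERARK_ADMIN_USER is already set to
# a non-empty value (for example by the calling environment).
if [[ -z "${CYBERARK_ADMIN_USER:-}" ]]; then
  printf '%s' "Please enter the name of the CyberArk admin service user: "
  # -r keeps backslashes literal; without it `read` treats '\' as an escape
  # character and silently drops it from the name that was typed.
  read -r admin_user
  export CYBERARK_ADMIN_USER="$admin_user"
fi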
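# Prompt for the admin password unless CYBERARK_ADMIN_PWD is already set to a
# non-empty value.
#
# NOTE(review): the password is exported, so every process started from this
# shell inherits it in its environment. Unset CYBERARK_ADMIN_PWD as soon as
# the calls that need it are done, and avoid `set -x` while it is set.
if [[ -z "${CYBERARK_ADMIN_PWD:-}" ]]; then
  printf '%s' "Please enter password for ${CYBERARK_ADMIN_USER:-}: "
  # Read the whole line with echo switched off, straight into the target
  # variable. The previous character-at-a-time loop appended every key press
  # to the password, including Backspace/Delete, so a corrected typo produced
  # a wrong password; it also printed one '*' per character (revealing the
  # length) and left a second copy of the secret in a `password` variable.
  # IFS= and -r keep leading/trailing spaces and backslashes intact.
  IFS= read -r -s CYBERARK_ADMIN_PWD
  # The user's Enter key was not echoed, so finish the prompt line here.
  printf '\n'
  export CYBERARK_ADMIN_PWD
fi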
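###########################################################
# Set CyberArk API URLs
#
# Exports VAULT_API_URL and VAULT_API_URL_V1. For Pcloud it also sets
# IDENTITY_TENANT_ID and CYBERARK_SUBDOMAIN_NAME (not exported), taken from
# the first DNS label of the Identity and Privilege Cloud tenant URLs.
#
# NOTE(review): presumably the admin credentials are later sent to these URLs,
# so a value that is still the placeholder, or that is not https://, is
# reported on stderr instead of being passed on silently.

# Compare the flag as a string; running its value as a command
# (`if $SELF_HOSTED_PAM`) executes whatever the variable holds and treats an
# empty or unset value as "true".
if [[ "${SELF_HOSTED_PAM:-}" == "true" ]]; then
  # Drop one trailing '/' so the joined URL does not contain '//'.
  tmp=${SELF_HOSTED_BASE_URL:-}
  tmp=${tmp%/}
  if [[ "$tmp" != https://* ]]; then
    printf 'warning: SELF_HOSTED_BASE_URL is not an https:// URL: %s\n' "$tmp" >&2
  fi
  export VAULT_API_URL="$tmp/PasswordVault/API"
  export VAULT_API_URL_V1="$tmp/PasswordVault/WebServices/PIMServices.svc"
else
  # Get Identity tenant ID and tenant subdomain name.
  # Host part of a URL: strip the scheme, then everything from the first '/';
  # the ID / subdomain is the host's first dot-separated label. Parameter
  # expansion avoids the unquoted `echo $URL | cut` pipelines, which
  # word-split and glob-expand the value before parsing it.
  tmp=${IDENTITY_TENANT_URL:-}
  tmp=${tmp#*://}
  tmp=${tmp%%/*}
  IDENTITY_TENANT_ID=${tmp%%.*}

  tmp=${PCLOUD_TENANT_URL:-}
  tmp=${tmp#*://}
  tmp=${tmp%%/*}
  CYBERARK_SUBDOMAIN_NAME=${tmp%%.*}

  # An empty or non-hostname label (e.g. the unedited placeholder) would
  # yield a URL for a host that is not the intended tenant.
  if [[ ! "$CYBERARK_SUBDOMAIN_NAME" =~ ^[A-Za-z0-9-]+$ ]]; then
    printf 'warning: could not derive a tenant subdomain from PCLOUD_TENANT_URL: %s\n' \
      "${PCLOUD_TENANT_URL:-}" >&2
  fi

  export VAULT_API_URL="https://$CYBERARK_SUBDOMAIN_NAME.privilegecloud.cyberark.cloud/PasswordVault/api"
  export VAULT_API_URL_V1="https://$CYBERARK_SUBDOMAIN_NAME.privilegecloud.cyberark.cloud/PasswordVault/WebServices/PIMServices.svc"
fi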
##########################################################
# END