APIKeyManager Utility


The APIKeyManager utility is a command line tool that generates and maintains an asymmetric key pair which provides a secure way for automated API calls and scripts, as well as CyberArk clients, to connect and authenticate to the Vault.

The private key is stored locally for use by the script or CyberArk client, while the public key is stored in the Vault. Both keys are associated with a username that was previously created in the Vault and used for API authentication.

This utility enables users to:

  • Create a key pair and store the public key in the Vault (e.g. during a component registration, or manual key rotation)

  • Create a key pair and save the public key locally (e.g. when the key registration will be performed by another person or process)

  • Store a previously created public key in the Vault (e.g. when the key was generated by another person or process)

  • Revoke an existing key pair





The APIKeyManager utility sends information and error messages to the console, as well as maintaining a log file that contains all types of messages (debug, warning, info, error). This log file is called apikeymanager.log and is stored in the 'Logs' folder with the utility executable.

When the log file reaches 5MB, a backup version of the current log file is saved and a new log file is created. Only one backup file is saved.