Overview

CyberArk’s Secrets Manager Credential Providers, part of the Privileged Access Security solution, is used to eliminate hard coded application credentials embedded in applications, scripts or configuration files, and allows these highly-sensitive passwords to be centrally stored, logged and managed within the Vault. This unique approach enables organizations to comply with internal and regulatory compliance requirements of periodic password replacement, and monitor privileged access across all systems, databases and applications.

Our products portfolio

Credential Provider (CP) – Installed on the developer machine, the Credential Provider can securely retrieve the application’s secrets from the Vault for it to keep running without any downtime or functionality-loss. For more information, refer to Credential Provider.

Central Credential Provider (CCP) - Installed on a separate Windows server, CCP allows you to use the CP capabilities without the need to install it on each end user machine. The applications call the CCP to securely retrieve their credentials from the Vault during run-time. For more information, refer to Central Credential Provider.

Credential Provider vs. Central Credential Provider – which should I use?

In today’s environments, there is a variety of types of applications.

  • For business critical applications that require the highest level of availability, performance and security, it is recommended to use the Credential Provider. The Credential Provider, installed on each server running an application, enables the highest level of anti-tampering security mechanism, as well as high-availability and performance, using the secure local cache. Furthermore, the local cache enables high performance password requests and high-availability in the case of a network outage to the Vault.

  • For non-mission critical applications or when there are challenges deploying an agent on each server, it is recommended to use the Central Credential Provider. The Central Credential Provider, installed remote to the applications and on a central IIS server, alleviates the challenges of agents deployment. For increased availability and performance, the Central Credential Provider can be load balanced.