Customize the secret naming convention (optional)

Secrets Hub uses the secret name as a unique identifier when performing a sync process. As such, the secret name is a crucial element in the sync process, as it maps the secrets between CyberArk PAM to AWS Secrets Manager or Azure Key Vault.

By default, the name of the secret in AWS Secrets Manager or Azure Key Vault is made up of the PAM Safe and CyberArk account names. This convention can be inconvenient if you already have secrets defined in AWS Secrets Manager or Azure Key Vault and you do not wish to change their name. Retaining the secrets' original name makes it easier for the DevOps who use these secrets.

To retain the original secret name as defined in AWS Secrets Manager or Azure Key Vault you need to import a custom Secrets Hub platform into PAM .

You must have CPM to use this capability.

The sole purpose of this platform is to make the SecretNameInSecretStore property available. Do not use this platform when creating CyberArk accounts. You can delete or deactivate this platform after you've successfully imported it.

You need to import the platform only once.

Required permissions in Privilege Cloud

You need the following permissions to perform this task:


Required permission

Create a custom name for the secret

Admin permissions to import and edit platforms

Step 1: Import the Secrets Hub platform

Download the platform from Marketplace, and follow the instructions in Import a platform.

Step 2: Add the secret name property to the relevant platforms

The Secrets Hub platform that you imported includes a property named SecretNameInSecretStore. Now that the property is in PAM, you can add it to all the platforms that are associated with the CyberArk accounts that will hold your secrets.

Make sure to add the SecretNameInSecretStore property to the platform before you create the account in PAM (if the account does not already exist), and before you create the target secret store.

Edit the relevant platform as described in Edit a platform, and add the SecretNameInSecretStore property to the platform. Enter the following display name for the property: Secret Name In Target Secret Store.

when creating the new account in Privilege Cloud, make sure that the value in Secret Name In Target Secret Store is identical to the secret name in the target secret store. This name replaces the default naming convention.