CLI Application Password SDK

The CLI Application Password SDK enables you to access passwords through the Credential Provider from a command line interface.

For examples and syntax, see Examples and syntax - CLI.

Supported platforms

For a full list of supported platforms for which the CLI Application Password SDK for the Credential Provider is released, see Application Password SDKs.

Set up the CLI Application Password SDK

During Credential Provider installation, the CLI Application Password SDK is stored in the following folder and is ready for use immediately afterwards:

Linux/UNIX

/opt/CARKaim/sdk

Windows

<CP installation path>\CyberArk\ApplicationPasswordSdk

For more information about setting up the environment before using the SDK, refer to Build the environment for the Credential Provider.

Restrict trusted shells to run the CLI password SDK

When path and/or hash application authentication is used, the CLI Password SDK restricts which shells are allowed to request a password, so that security workflows can be enforced. The allowed shells are listed in the TrustedCLIShells parameter. This feature is enabled by default and restricts password requests to the following shells:

Linux/UNIX
TrustedCLIShells="/bin/bash","/bin/csh","/bin/tcsh","/bin/ksh","/bin/sh","/usr/bin/bash","/usr/bin/csh","/usr/bin/tcsh","/usr/bin/ksh","/usr/bin/sh"
Windows
TrustedCLIShells="c:\windows\system32\cmd.exe","c:\windows\syswow64\cmd.exe","c:\windows\system32\wscript.exe","c:\windows\syswow64\wscript.exe","c:\windows\system32\cscript.exe","c:\windows\syswow64\cscript.exe","c:\windows\system32\windowspowershell\v1.0\powershell.exe","c:\windows\syswow64\windowspowershell\v1.0\powershell.exe"

To override the default list, add the TrustedCLIShells parameter to the main configuration file with the list of shells that are allowed to request passwords.

For example:

 
[Main]
TrustedCLIShells="/bin/customShell1","/bin/customShell2"
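
An added example, not part of the CyberArk documentation or product: a Python check for reviewing a TrustedCLIShells override on Linux/UNIX before it is deployed. It assumes the INI-style layout shown above; the sample configuration is constructed, and the function names and review criteria are this example's own.

```python
import csv
import os
import stat

# Default Linux/UNIX list, copied from the page.
DEFAULT_SHELLS = {"/bin/bash", "/bin/csh", "/bin/tcsh", "/bin/ksh", "/bin/sh",
                  "/usr/bin/bash", "/usr/bin/csh", "/usr/bin/tcsh",
                  "/usr/bin/ksh", "/usr/bin/sh"}

# Constructed sample of an override in the main configuration file.
SAMPLE_CONFIG = '''
[Main]
TrustedCLIShells="/bin/bash","/bin/customShell1","customShell2"
'''


def parse_trusted_shells(config_text):
    """Return the TrustedCLIShells entries from [Main], or None if not set."""
    section = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Main" and "=" in line:
            key, value = line.split("=", 1)
            if key.strip() == "TrustedCLIShells":
                # Quoted, comma-separated values; csv handles the quoting.
                row = next(csv.reader([value.strip()], skipinitialspace=True))
                return [v.strip() for v in row]
    return None


def audit_trusted_shells(shells, defaults=DEFAULT_SHELLS):
    """Return (shell, finding) pairs worth reviewing before rollout."""
    findings = []
    for shell in shells:
        if not os.path.isabs(shell):
            findings.append((shell, "not an absolute path"))
            continue
        if shell not in defaults:
            findings.append((shell, "not in the default list"))
        try:
            mode = os.stat(shell).st_mode  # follows symlinks to the real binary
        except OSError:
            findings.append((shell, "not present on this host"))
            continue
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((shell, "writable by group or others"))
    return findings
```

Run `audit_trusted_shells(parse_trusted_shells(text))` on the host where the Credential Provider is installed, since the existence and permission checks reflect the local filesystem.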

Use the CLI Application Password SDK

  • From a command line, run the CLI utility with the relevant parameters.

If the function runs successfully, it displays the output fields requested in the command. If it fails, it displays an error message.