Ansible Roles

In today’s modern infrastructure, organizations are moving towards hybrid environments, which consist of multiple public clouds, private clouds and on-premise platforms.

CyberArk has created a tailored installation and deployment method for each platform to enable easy implementation. For example, CloudFormation templates enable easy deployment on AWS, while Azure Resource Manager (ARM) templates enable easy deployment on Azure. However, it is difficult to combine the different methods to orchestrate and automate a hybrid deployment.

PAS Orchestrator is a set of Ansible Roles which provides a holistic solution to deploying CyberArk PAM - Self-Hosted components simultaneously in multiple environments, regardless of the environment’s location.

The Ansible Roles are responsible for the entire deployment process, and can be integrated with the organization’s CI/CD playbooks.

End-to-end deployment

Each PAM - Self-Hosted component’s Ansible Role is responsible for the component end-to-end deployment, which includes the following stages for each component:

  • Copy the installation package to the target server
  • Installing prerequisites
  • Installing the component silently
  • Post installation procedure and hardening
  • Registration in the Vault

Ansible Roles for PVWA, CPM, PSM, and PTA

Use Ansible Roles to deploy PVWA, CPM, PSM, and PTA.

The roles are open source and can be found in the following links:

Ansible Role





Pas-orchestrator (example)


Install and deploy PTA with the PTA Ansible Role