Provision a Key

You can provision a SSH key (user key, private key or key pair) to target hosts with optional vault integration.

Prerequisites:
  • Ensure Vault integration is already done.
  • Hosts should be in managed state.
  • The Provisioning to CyberArk requires CyberArk credentials to be configured with Auth Type: Basic in the CyberArk API Settings. It will not work if the API settings are configured with Auth Type: Certificate.

To provision a key:

  1. Go to Menu > SSH+ > INVENTORY > Key Inventory > User Key Inventory.
  2. From User Key Inventory, select a key you want to provision.
  3. Click the Actions dropdown menu, and then select the Provision Key option.
  4. In the Provision Key page, under Key Configuration, perform the following steps:
    1. Configure the hosts for the public and private configuration in the Destination Configuration section.
    2. Click Next.
  5. (Optional) Configure Vault Configuration as follows:
    • Only needed if you are using CyberArk or another PAM for secure credential storage.
    • If vault configuration is not required, click the Skip button.
    • Enter/select Vault details.
      Table 1. Vault Configuration - Field and Description Table
      Field Description
      Vault Vendor Select your PAM solution. For example: CyberArk.
      Vault Config Choose a pre-configured vault integration.
      Safe Name Enter CyberArk Safe where credentials are stored.
      User Name Username for the target system.
      PAM Account Name CyberArk-managed account used to connect to the target host.
      Server Address Enter the IP address or FQDN of the vault or target system.
    • Click Next.
  6. Under Review & Confirm, review all the configuration details and then click Confirm.