Skip to content

Fixing issue 473 by allowing rotating vault component users only#474

Open
Ethlas wants to merge 5 commits intocyberark:mainfrom
Ethlas:main
Open

Fixing issue 473 by allowing rotating vault component users only#474
Ethlas wants to merge 5 commits intocyberark:mainfrom
Ethlas:main

Conversation

@Ethlas
Copy link
Copy Markdown
Contributor

@Ethlas Ethlas commented Apr 20, 2026

This script fixes issue #473

Desired Outcome

Created the logic to rotate credentials in the vault using similar logic as the reset credentials remotely.

Implemented Changes

Describe how the desired outcome above has been achieved with this PR. In
particular, consider:

  • What's changed? Why were these changes made? Created a new script to be used post migrations to ensure C/CP have their password changed. Please note, this does not need to be done only for migrations but that is the primarily reason
  • How should the reviewer approach this PR, especially if manual tests are required? Run the tool and see if the components password has changed. Please note, you can change all component password which you should not be doing unless it is a migration.
  • Are there relevant screenshots you can add to the PR description? No

Connected Issue/Story

Resolves #[relevant GitHub issue(s), e.g. 76] #473

CyberArk internal issue ID: [insert issue ID] #473

Definition of Done

Closing an issue

Changelog

  • The CHANGELOG has been updated, or

  • This PR does not include user-facing changes and doesn't require a
    CHANGELOG update

    there is no Changelog file to update.

Test coverage

  • This PR includes new unit and integration tests to go with the code
    changes, or
  • The changes in this PR do not require tests

Tested on a privilege cloud tenant post migration. passwords were rotated. Please note, if you want to run this with installeruser you have to use cyberark credentials not identity token.

Documentation

  • [X ] Docs (e.g. READMEs) were updated in this PR

Behavior

  • This PR changes product behavior and has been reviewed by a PO, or
  • These changes are part of a larger initiative that will be reviewed later, or
  • No behavior was changed with this PR

Security

  • Security architect has reviewed the changes in this PR,
  • These changes are part of a larger initiative with a separate security review, or
  • There are no security aspects to these changes

Ethlas added 2 commits April 20, 2026 12:57
@Ethlas
Add files via upload
0ffc43e 
This script fixes issue cyberark#473
@Ethlas
Including Invoke-ComponentUserPasswordReset
ec5a452 
Invoke-ComponentUserPasswordReset is a new script that can be ran outside of the remote workflow. This is useful if there is no access to the machines themselves by the admin user of cyberark.
@Ethlas
Copy link
Copy Markdown
Contributor Author

Ethlas commented Apr 20, 2026

Do not merge it yet, I want to do a final testing again just in case.

@Ethlas
Copy link
Copy Markdown
Contributor Author

Ethlas commented Apr 21, 2026

Fully tested, cannot be used with installeruser (as token cannot be used with installer user, and cybeark auth does not seem to work correctly, it works with any other pcloud admin).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Ethlas @bab29