About Secure Vault

Secure Vault stores the sensitive information that must be provided during task execution.

All secure data is stored in the Vault as keys. The Vault encrypts these keys before writing them to persistent storage. Secure Vault variables are maintained at the App level, and their scope is limited to that App.

Add New Secure Data

Any user with the privilege to add secure data, such as a business user or designer, can add secure data.

  1. Click the Secure Vault icon in the menu bar to display the Secure Vault dashboard, which lists the details of all the keys created in the system for that Tenant.
  2. Click the + icon to display the Add Secure Data window, where the secure data values are provided.
  3. Provide the following details:

  • Secure Key: Type the name of the secure key to be created. Each App has its own key-value pairs, and the key relates to the application for which the user is creating it. The key is unique across the tenant and can be shared with anyone within the tenant. Example: Key_FA_CAP refers to a key created for the FA – Capitalisation process flow. Refer to the Key and Value pair section for details.

  • App ID: Provide the required App ID to identify an application to the CyberArk Vault.
  • Safe: Specify the name of the safe where the account exists, that is, the name of the Access Control (Safe) where the credentials are stored.
  • Folder: Specify the name of the folder inside the safe where the account resides ('root' by default).
  • Value: Enter a secure password for this key. The value is masked as ***** so that the secret data is not visible to the user.
  • Confirm Value: Retype the secure password entered in the Value field.
  • Description: This field allows the user to give a short description of the key that is being created.
  • Share this with: Allows the user to select the level at which the value is shared. The stored value can be shared either with specific users or with all the users for that Tenant by selecting the Specific People or Global Audience option, respectively.
  • Users List: If the Specific People option is selected, the user must select the users from the Users List table and grant them the required access. The table displays a Name row along with the access levels Read Only, Update and Vault Admin. Further rows can be added by using the + icon, so multiple users can be added and given access as needed. The Name field is a drop-down listing all the users in the system related to that App. After selecting the users, assign the appropriate access rights (Read-Only, Update, Admin) based on the requirement:
  • [Read-Only]: The user can view the secure vault details in read-only mode and cannot make any modifications. All the fields are disabled.
  • [Update]: The user can modify the vault details in the App. The fields are enabled so that the user can change the details if required.
  • [Admin]: The user gets Admin rights to read, write, and share with other users in the system, and can grant access by using the Specific People and Global Audience options in the Add Secure Data window.
  • If the Global Audience option is selected, then the secure data will get shared with all the users in the system for that App. In this case, the Users List section is disabled.
  • Click on the SAVE button to save the secure data details.
  • Click on the CANCEL button to cancel the process of adding secure data for that App.

Edit Secure Data

  1. Click on the Edit icon that is provided against each entry of the Secure vault key.

The Secure Key field is non-editable by default. The remaining fields in the Edit Secure Data screen are editable/disabled based on the access provided to the user (Read-only, Update, Vault Admin).

Edit Secure data screen without CyberArk value

Task Import/Export - Impact On Secure Key

When a task is imported from one App to another, only the secure key is imported. The values associated with the key in the exported environment are not available in the environment into which the task is imported; the user must edit the secure key to add a value.
