{"id":19963751,"url":"https://github.com/cyberark/psm","last_synced_at":"2025-10-05T20:59:44.240Z","repository":{"id":37804277,"uuid":"155053788","full_name":"cyberark/psm","owner":"cyberark","description":"Ansible role to deploy Cyberark Privileged Session Manager","archived":false,"fork":false,"pushed_at":"2023-08-01T23:02:17.000Z","size":177,"stargazers_count":15,"open_issues_count":15,"forks_count":11,"subscribers_count":5,"default_branch":"master","last_synced_at":"2024-06-12T04:52:50.216Z","etag":null,"topics":["ansible-role","automation","conjbot-skip-stalepr","cyberark"],"latest_commit_sha":null,"homepage":"https://www.cyberark.com/products/privileged-account-security-solution/privileged-session-manager/","language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cyberark.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-10-28T09:21:09.000Z","updated_at":"2024-03-09T14:39:43.000Z","dependencies_parsed_at":"2023-01-30T22:00:30.282Z","dependency_job_id":null,"html_url":"https://github.com/cyberark/psm","commit_stats":null,"previous_names":[],"tags_count":15,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberark%2Fpsm","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberark%2Fpsm/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberark%2Fpsm/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberark%2Fpsm/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cyberark","download_url":"https://codeload.github.com/cyberark/psm/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224374770,"owners_count":17300712,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible-role","automation","conjbot-skip-stalepr","cyberark"],"created_at":"2024-11-13T02:17:18.569Z","updated_at":"2025-10-05T20:59:39.212Z","avatar_url":"https://github.com/cyberark.png","language":"PowerShell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# PSM Ansible Role\nThis Ansible Role will deploy and install CyberArk Privileged Session Manager including the pre-requisites, application, hardening and connect to an existing Vault environment.\n\n## Requirements\n------------\n\n- Windows 2016 installed on the remote host\n- WinRM open on port 5986 (**not 5985**) on the remote host\n- Pywinrm is installed on the workstation running the playbook\n- The workstation running the playbook must have network connectivity to the remote host\n- The remote host must have Network connectivity to the CyberArk vault and the repository server\n  - 443 port outbound\n  - 1858 port outbound\n- Administrator access to the remote host\n- PSM CD image\n\n\n### Flow Variables\nVariable                         | Required     | Default                                   | Comments\n:--------------------------------|:-------------|:------------------------------------------|:---------\npsm_prerequisites                | no           | false                                     | Install PSM pre requisites\npsm_install                      | no           | false                                     | Install PSM\npsm_postinstall                  | no           | false                                     | PSM post install role\npsm_hardening                    | no           | false                                     | Apply PSM hardening\npsm_registration                 | no           | false                                     | Connect PSM to the Vault\npsm_clean                        | no           | false                                     | N/A\nplatform                         | no           | aws                                       | Deployed platform (aws/azure)\n\n### Deployment Variables\nVariable                         | Required     | Default                                              | Comments\n:--------------------------------|:-------------|:-----------------------------------------------------|:---------\nvault_ip                         | yes          | None                                                 | Vault IP to perform registration\nvault_port                       | no           | **1858**                                             | Vault port\nvault_username                   | no           | **administrator**                                    | Vault username to perform registration\nvault_password                   | yes          | None                                                 | Vault password to perform registration\nsecure_vault_password            | no           | None                                                 | Secure Vault password to perform registration\ndr_vault_ip                      | no           | None                                                 | Vault DR IP address to perform registration\naccept_eula                      | yes          | **No**                                               | Accepting EULA condition (Yes/No)\npsm_zip_file_path                | yes          | None                                                 | CyberArk PSM installation Zip file package path\npsm_installation_drive           | no           | **C:**                                               | Destination installation drive\npsm_out_of_domain                | no           | false                                                | Flag to determine if server is out of domain\n\n## Dependencies\nNone\n\n## Usage\nThe role consists of a number of different tasks which can be enabled or disabled for the particular\nrun.\n\n`psm_prerequisites`\n\nThis task will run the PSM pre-requisites steps.\n\n`psm_install`\n\nThis task will deploy the PSM to required folder and validate successful deployment.\n\n`psm_postinstall`\n\nThis task will run the PSM post installation steps.\n\n`psm_hardening`\n\nThis task will run the PSM hardening process.\n\n`psm_registration`\n\nThis task will perform registration with active Vault.\n\n`psm_validateparameters`\n\nThis task will validate which PSM steps have already occurred on the server to prevent repetition.\n\n`psm_clean`\n\nThis task will clean the configuration (inf) files from the installation, delete the\nPSM installation logs from the Temp folder and delete the cred files.\n\n\n## Example Playbook\nBelow is an example of how you can incorporate this role into an Ansible playbook\nto call the PSM role with several parameters:\n\n```\n---\n- ansible.builtin.include_role:\n    name: psm\n  vars:\n    - psm_prerequisites: true\n    - psm_install: true\n    - psm_postinstall: true\n    - psm_hardening: true\n    - ps_clean: true\n```\n\n## Running the playbook:\nFor an example of how to incorporate this role into a complete playbook, please see the\n**[pas-orchestrator](https://github.com/cyberark/pas-orchestrator)** example.\n\n## License\nApache License, Version 2.0\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyberark%2Fpsm","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcyberark%2Fpsm","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyberark%2Fpsm/lists"}