{"id":19963750,"url":"https://github.com/cyberark/pvwa","last_synced_at":"2025-06-10T17:36:39.647Z","repository":{"id":34342739,"uuid":"155053806","full_name":"cyberark/pvwa","owner":"cyberark","description":"Ansible role to deploy Cyberark Password Vault Web Access","archived":false,"fork":false,"pushed_at":"2025-04-25T08:39:30.000Z","size":13213,"stargazers_count":20,"open_issues_count":9,"forks_count":11,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-05-03T22:37:42.372Z","etag":null,"topics":["ansible-role","automation","conjbot-skip-stalepr","cyberark"],"latest_commit_sha":null,"homepage":"https://www.cyberark.com/products/privileged-account-security-solution/enterprise-password-vault/","language":"Jinja","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cyberark.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2018-10-28T09:21:18.000Z","updated_at":"2024-10-11T07:20:24.000Z","dependencies_parsed_at":"2024-12-03T15:31:06.846Z","dependency_job_id":"fbff0e63-0ac0-4e9e-93f8-b68e108bc067","html_url":"https://github.com/cyberark/pvwa","commit_stats":null,"previous_names":[],"tags_count":28,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberark%2Fpvwa","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberark%2Fpvwa/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberark%2Fpvwa/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberark%2Fpvwa/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cyberark","download_url":"https://codeload.github.com/cyberark/pvwa/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberark%2Fpvwa/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":259118547,"owners_count":22808005,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible-role","automation","conjbot-skip-stalepr","cyberark"],"created_at":"2024-11-13T02:17:18.482Z","updated_at":"2025-06-10T17:36:39.623Z","avatar_url":"https://github.com/cyberark.png","language":"Jinja","funding_links":[],"categories":[],"sub_categories":[],"readme":"# PVWA Ansible Role\nThis Ansible Role will deploy and install CyberArk Password Vault Web Access including the pre-requisites, application, hardening and connect to an existing Vault environment.\n\n## Requirements\n------------\n- Windows 2016 installed on the remote host\n- WinRM open on port 5986 (**not 5985**) on the remote host\n- Pywinrm is installed on the workstation running the playbook\n- The workstation running the playbook must have network connectivity to the remote host\n- The remote host must have Network connectivity to the CyberArk vault and the repository server\n  - 443 port outbound\n  - 445 port inbound\n  - 1858 port outbound\n- Administrator access to the remote host\n- PVWA CD image\n\n## Role Variables\nThese are the variables used in this playbook:\n\n### Flow Variables\nVariable                          | Required     | Default                                         | Comments\n:----------------------------------|:-------------|:------------------------------------------------|:---------\npvwa_prerequisites                | no           | false                                           | Install PVWA pre-requisites\npvwa_install                      | no           | false                                           | Install PVWA\npvwa_hardening                    | no           | false                                           | Apply PVWA hardening\npvwa_registration                 | no           | false                                           | Connect PVWA to the Vault\npvwa_clean                        | no           | false                                           | N/A\n\n### Deployment Variables\nVariable                          | Required     | Default                                         | Comments\n:----------------------------------|:-------------|:------------------------------------------------|:---------\nvault_ip                          | yes          | None                                            | Vault IP address to perform registration\nvault_port                        | no           | **1858**                                        | Vault port\nvault_username                    | no           | **administrator**                               | Vault username to perform registration\nvault_password                    | yes          | None                                            | Vault password to perform registration\ndr_vault_ip                       | no           | None                                            | Vault DR IP address to perform registration\naccept_eula                       | yes          | **No**                                          | Accepting EULA condition (Yes/No)\npvwa_url                          | yes          | None                                            | URL of registered PVWA\npvwa_zip_file_path                | yes          | None                                            | CyberArk PVWA installation Zip file package path\npvwa_auth_type                    | yes          | **cyberark;ldap**                               | Authentication Type\npvwa_iis_app_folder               | yes          | **C:\\inetpub\\wwwroot\\PasswordVault**            | IIS Application Folder\npvwa_app_name                     | yes          | **PasswordVault**                               | Web Application Name\npvwa_installation_drive           | no           | **C:**                                          | Destination installation drive\n\n## Dependencies\nNone\n\n## Usage\nThe role consists of a number of different tasks which can be enabled or disabled for the particular\nrun.\n\n`pvwa_install`\n\nThis task will deploy the PVWA to required folder and validate successful deployment.\n\n`pvwa_hardening`\n\nThis task will run the PVWA hardening process.\n\n`pvwa_registration`\n\nThis task perform registration with active Vault.\n\n`pvwa_validateparameters`\n\nThis task will validate which PVWA steps have already occurred on the server to prevent repetition.\n\n`pvwa_clean`\n\nThis task will clean the configuration (inf) files from the installation, delete the\nPVWA installation logs from the Temp folder and delete the cred files.\n\n## Example Playbook\nBelow is an example of how you can incorporate this role into an Ansible playbook\nto call the PVWA role with several parameters:\n\n```\n---\n- include_role:\n    name: pvwa\n  vars:\n    pvwa_install: true\n    pvwa_hardening: true\n    pvwa_clean: true\n```\n\n## Running the  playbook:\nFor an example of how to incorporate this role into a complete playbook, please see the\n**[pas-orchestrator](https://github.com/cyberark/pas-orchestrator)** example.\n\n## License\nApache License, Version 2.0\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyberark%2Fpvwa","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcyberark%2Fpvwa","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyberark%2Fpvwa/lists"}