Data Processing and Analytics Connection Profiles
The following topics describe the connection profile parameters for data processing platforms and services:
Amazon Athena Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see Control-M for Amazon Athena.
The following table describes the Amazon Athena connection profile parameters.
Parameter |
Description |
---|---|
AWS API Base URL |
Defines the Amazon Athena API authentication endpoint. https://athena.us-east-1.amazonaws.com |
AWS Region |
Determines the AWS region where the job is located. us-east-2 |
Authentication |
Determines one of the following authentication methods:
|
AWS Access Key |
Defines the access key assigned to the account with the relevant permissions to the AWS service. |
AWS Secret Key |
Defines the secret access key assigned to the account with the relevant permissions to the AWS service. |
IAM Role |
Defines the Identity and Access Management (IAM) role name of the AWS service connection in the following format:<role-name> The IAM role must be attached to the EC2 agent that runs the job. |
Use External Vault |
Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
Connection Timeout |
Defines the number of seconds to wait after Control-M initiates a connection request before a timeout occurs. Default: 20 |
AWS Data Pipeline Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see Control-M for AWS Data Pipeline.
The following table describes the AWS Data Pipeline connection profile parameters.
Parameter |
Description |
---|---|
Data Pipeline URL |
Defines the AWS Data Pipeline API authentication endpoint. https://datapipeline.us-east-1.amazonaws.com For more information about regional endpoints available for the AWS Data Pipeline service, refer to the AWS documentation. |
AWS Region |
Determines the AWS region where the job is located. us-east-2 |
Authentication |
Determines one of the following authentication methods:
|
AWS Access Key |
Defines the access key assigned to the account with the relevant permissions to the AWS service. |
AWS Secret |
Defines the secret access key assigned to the account with the relevant permissions to the AWS service. |
IAM Role |
Defines the Identity and Access Management (IAM) role name of the AWS service connection in the following format:<role-name> The IAM role must be attached to the EC2 agent that runs the job. |
Use External Vault |
Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
Connection Timeout |
Defines the number of seconds to wait after Control-M initiates a connection request before a timeout occurs. Default: 30 |
Amazon DynamoDB Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see Control-M for Amazon DynamoDB.
The following table describes the Amazon DynamoDB Connection Profile Parameters.
Parameter |
Description |
---|---|
AWS DynamoDB Login URL |
Determines the Amazon DynamoDB authentication endpoint base URL that includes the region that is defined for the AWS account. https://dynamodb.<us-east-1>.amazonaws.com |
AWS Region |
Determines the AWS region where the job is located. us-east-2 |
Authentication |
Determines one of the following authentication methods:
|
AWS Access Key |
Defines the access key assigned to the account with the relevant permissions to the AWS service. |
AWS Secret |
Defines the secret access key assigned to the account with the relevant permissions to the AWS service. |
IAM role |
Defines the Identity and Access Management (IAM) role name of the AWS service connection in the following format:<role-name> The IAM role must be attached to the EC2 agent that runs the job. |
Use External Vault |
Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
Connection Timeout |
Defines the number of seconds to wait after Control-M initiates a connection request before a timeout occurs. Default: 20 |
Amazon EMR Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see Control-M for Amazon EMR.
The following table describes the Amazon EMR connection profile parameters.
Parameter |
Description |
---|---|
Region |
Determines the AWS region where the job is located. us-east-2 |
EMR Access Key |
Defines the token for the connection to AWS. |
EMR Service Key |
Defines an additional security token for AWS. |
Use External Vault |
Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
Amazon Redshift Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see Control-M for Amazon Redshift.
The following table describes the Amazon Redshift connection profile parameters.
Parameter |
Description |
---|---|
AWS Base URL |
Defines the Amazon Redshift authentication endpoint. https://redshift-data.us-east-1.amazonaws.com |
AWS Region |
Determines the AWS region where the job is located. us-east-2 |
Authentication |
Determines one of the following authentication methods:
|
AWS Access Key ID |
Defines the access key assigned to the account with the relevant permissions to the AWS service. |
AWS Secret Access Key |
Defines the secret access key assigned to the account with the relevant permissions to the AWS service. |
IAM Role |
Defines the Identity and Access Management (IAM) role name of the AWS service connection in the following format:<role-name> The IAM role must be attached to the EC2 agent that runs the job. |
Use External Vault |
Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
Connection Timeout |
Defines the number of seconds to wait after Control-M initiates a connection request before a timeout occurs. Default: 30 |
Azure Databricks Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see Control-M for Azure Databricks.
The following table describes the Azure Databricks connection profile parameters.
Parameter |
Authentication Method |
Description |
---|---|---|
Authentication Method |
|
Determines one of the following authentication methods:
|
Specify Managed Identity Client ID |
Managed Identity |
Determines whether the managed identity is specified by the Managed Identity Client ID attribute. Toggle on this option when you use the Managed Identity authentication method and there are multiple managed identities defined on your Azure VM. |
Managed Identity Client ID |
Managed Identity |
Defines the client ID of the managed identity used for access. This attribute requires a value only if there are multiple managed identities defined on your Azure VM and you toggle on Specify Managed Identity Client ID. |
Tenant ID |
Service Principal |
Defines the Azure tenant ID for your organization. |
Application ID |
Service Principal |
Defines the Registered App for the Azure service in your Microsoft Entra/Azure AD tenant. The corresponding Service Principal must be assigned the Owner or Contributor role for the Azure service. |
Client Secret |
Service Principal |
Defines the password associated with the Service Principal/registered application. |
Use External Vault |
Service Principal |
Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
Azure Login URL |
|
Defines the base URL of the Microsoft Entra/Azure AD authentication endpoint. |
Databricks URL |
|
Defines the URL of your Databricks workspace. |
Databricks Resource |
|
Defines the resource parameter for the Azure Databricks login application: Default: 2ff814a6-3304-4ab8-85cb-cd0e6f879c1d Do not change the default value unless you are required to by your Azure Administrator. |
Connection Timeout |
|
Defines the number of seconds to wait after Control-M initiates a connection request before a timeout occurs. Default: 50 seconds |
HTTP Codes |
|
Defines the HTTP codes that trigger a rerun of a job step if detected in the response. Multiple HTTP codes must be separated with a space. You cannot rerun a step with HTTP codes when you perform manual execution, such as rerun from point of failure. Default: 429 503 |
Rerun Interval |
|
Defines the number of seconds to wait before Control-M reruns the job step. Default: 10 |
Attempt Reruns |
|
Defines the number of attempts to rerun a job step. Default: 3 |
Azure HDInsight Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see Control-M for Azure HDInsight.
The following table describes Azure HDInsight connection profile parameters.
Parameter |
Description |
---|---|
Cluster Name |
Defines the name of the HDInsight cluster to connect. |
Cluster Username |
Defines the name of the Administrator to use to connect to Azure HDInsight. |
Cluster Password |
Defines the Administrator password, which is configured in Azure HDInsight. |
Use External Vault |
Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
Azure Synapse Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see Control-M for Azure Synapse.
The following table describes Azure Synapse connection profile parameters.
Parameter |
Authentication Method |
Description |
---|---|---|
Authentication Method |
Service Principal Managed Identity |
Determines one of the following authentication methods:
To prepare for authentication using each of these methods:
|
Specify Managed Identity Client ID |
Managed Identity |
Determines whether the managed identity is specified by the Managed Identity Client ID attribute. Toggle on this option when you use the Managed Identity authentication method and there are multiple managed identities defined on your Azure VM. |
Managed Identity Client ID |
Managed Identity |
Defines the client ID of the managed identity used for access. This attribute requires a value only if there are multiple managed identities defined on your Azure VM and you toggle on Specify Managed Identity Client ID. |
Azure AD URL |
Service Principal Managed Identity |
Defines the base URL of the Microsoft Entra/Azure AD authentication endpoint. |
Tenant ID |
Service Principal |
Defines the Azure tenant ID for your organization. |
App ID |
Service Principal |
Defines the Registered App for the Azure service in your Microsoft Entra/Azure AD tenant. The corresponding Service Principal must be assigned the Owner or Contributor role for the Azure service. |
Client Secret |
Service Principal |
Defines the password associated with the Service Principal/registered application. |
Use External Vault |
Service Principal |
Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
Synapse URL |
|
Defines the workspace development endpoint. https://myworkspace.dev.azuresynapse.net |
Synapse Resource |
|
Defines the resource parameter that serves as the identifier for Azure Synapse login via Azure AD: https://dev.azursesynapse.net/ |
Connection Timeout |
Service Principal Managed Identity |
Defines the number of seconds to wait after Control-M initiates a connection request before a timeout occurs. Default: 50 seconds. |
Data Assurance Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see Data Assurance.
The following table describes the Data Assurance connection profile parameters.
Parameter |
Description |
---|---|
Data Source |
Determines the data source type that the Data Assurance plug-in connects to, as follows:
|
Host |
Defines the database hostname. vw-da-mssqldb\MSSQLSERVER22 |
Port |
Determines the database port number, which enables the Data Assurance plug-in to communicate with the database host. |
Name |
Defines the database name. Vendors_PostgreSQL_DB |
Service |
Defines the Oracle service name and schema type. ORCLPDB1 |
Schema |
Determines the database schema type, which describes the database layout, its table and field definitions, and their relationships to each other. public |
User |
Defines the data source username. |
Password |
Defines the data source password. |
Path |
Defines the local file directory where one or more CSV files are stored. /home/dbauser/Acme_Coffee/Coffee_Suppliers/ |
File Pattern |
Determines the CSV filename pattern and extension. Default: *.csv *_Coffee.csv enables you access to access the following files, which are located in the /home/dbauser/Acme_Coffee/Coffee_Suppliers/ directory that is defined in the Path attribute:
|
Filter Method |
Determines whether to open files, based on when they were created or modified, as follows:
|
Max Age in Hours |
Determines the number of hours that a file was last created or modified, based on the Filter Method parameter. Valid Values:
Three CSV files exist in the defined file directory, as follows:
The following Max Age in Hours values enable you to view these files:
|
Delimiter |
Determines one of the following characters, which marks the beginning or end of a unit of data:
Default: Comma (,) |
Contains Header |
Determines whether the file contains headers, which define the type of data in each row. |
Most Recent File |
Opens the most recent file in the directory. |
Databricks Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see Control-M for Databricks.
The following table describes the Databricks connection profile parameters.
Parameter |
Description |
---|---|
Databricks Workspace URL |
Defines the URL of your Databricks workspace. |
Databricks Personal Access Token |
(PAT) Defines a Databricks token for authentication of connections to the Databricks workspace. |
Application ID |
Defines the Registered App for the Azure service in your Microsoft Entra/Azure AD tenant. The corresponding Service Principal must be assigned the Owner or Contributor role for the Azure service. |
Client Secret |
Defines the password associated with the Service Principal/registered application. |
Use External Vault |
Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
Connection Timeout |
Defines the number of seconds to wait after Control-M initiates a connection request before a timeout occurs. Default: 50 seconds |
HTTP Codes |
Defines the HTTP codes that trigger a rerun of a job step if detected in the response. Multiple HTTP codes must be separated with a space. You cannot rerun a step with HTTP codes when you perform manual execution, such as rerun from point of failure. Default: 429 |
Rerun Interval |
Defines the number of seconds to wait before Control-M reruns the job step. Default: 10 |
Attempt Reruns |
Defines the number of attempts to rerun a job step. Default: 3 |
dbt Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see Control-M for dbt.
The following table describes the dbt (Data Build Tool) connection profile parameters.
Parameter |
Description |
---|---|
DBT URL |
Defines the dbt API authentication endpoint. Default: https://cloud.getdbt.com |
DBT Token |
Defines the authentication code that is used to create a connection to the dbt platform. This code is located in the API Access section in the dbt Cloud platform. |
Account ID |
Defines the unique ID that is assigned to your dbt cloud account. This ID is located in the Account Info section in the dbt cloud platform. |
Use External Vault |
Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
Connection Timeout |
Defines the number of seconds to wait after Control-M initiates a connection request before a timeout occurs. Default: 60 |
GCP BigQuery Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see Control-M for GCP BigQuery.
The following table describes the GCP BigQuery connection profile parameters.
Parameter |
Description |
---|---|
Identity Type |
Determines one of the following authentication types that utilize GCP Access Control:
|
GCP BigQuery URL |
Defines the Google Cloud Platform (GCP) authentication endpoint for BigQuery. https://bigquery.googleapis.com |
Service Account Key |
(Service Account) Defines a service account that is associated with an RSA key pair. |
Use External Vault |
Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
GCP Dataflow Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see Control-M for GCP Dataflow.
The following table describes the Google Cloud Platform (GCP) Dataflow connection profile parameters.
Parameter |
Description |
---|---|
Identity Type |
Determines one of the following authentication types that utilize GCP Access Control:
IAM is available on GCP VMs only. |
Dataflow URL |
Defines the Google Cloud Platform (GCP) authentication endpoint for Dataflow. https://dataflow.googleapis.com |
Service Account Key |
(Service Account) Defines a JSON body that contains the required service account credentials to access GCP, as shown in the following example: Copy
|
Use External Vault |
Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
GCP Dataproc Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see Control-M for GCP Dataproc.
The following table describes the Google Cloud Platform (GCP) Dataproc connection profile parameters.
Parameter |
Description |
---|---|
Identity Type |
Determines one of the following authentication types that utilize GCP Access Control:
IAM is available on GCP VMs only. |
Dataproc URL |
Defines the Google Cloud Platform (GCP) authentication endpoint for Dataproc. https://dataproc.googleapis.com |
Service Account Key |
(Service Account) Defines a JSON body that contains the required service account credentials to access GCP, as shown in the following example: Copy
|
Use External Vault |
Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
Connection Timeout |
Defines a timeout value, in seconds, for the trigger call to Google Cloud Platform. Default: 20 seconds |
OCI Data Flow Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see Control-M for OCI Data Flow.
The following table describes OCI Data Flow connection profile parameters.
Parameter |
Authentication Method |
Description |
---|---|---|
OCI Data Flow URL |
All methods |
Defines the OCI Data Flow URL in the following format: https://dataflow.<region>.oci.oraclecloud.com/20200129 |
OCI Region |
All methods |
Determines the region where OCI Data Flow is located. ap-melbourne-1 eu-madrid-1 |
Authentication |
NA |
Determines one of the following authentication methods:
The following configuration file example defines two profiles: DEFAULT for Linux and PROFILE2 for Windows: Copy
|
User OCID |
Defined Parameters |
Defines an individual user within the OCI environment. |
Tenancy OCID |
Defined Parameters |
Defines the OCI Tenancy ID in an OCI Data Flow, which is a global unique identifier for this account within the OCI environment. |
Fingerprint |
Defined Parameters |
Defines a fingerprint which uniquely identifies and verifies the integrity of the associated certificate or key. |
Private Key |
Defined Parameters |
Defines the private key within a set of API signing keys that are used for authentication and secure access to OCI resources. |
Use External Vault |
Defined Parameters |
Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
Config File Path |
Configuration File |
Defines the Agent-based pathname to the configuration file that contains authentication credentials.
|
Profile |
Configuration File |
Defines the name of a specific section in the configuration file, such as DEFAULT and PROFILE2 in the Configuration File code sample. |
Connection Timeout |
All methods |
Defines the number of seconds to wait after Control-M initiates a connection request before a timeout occurs. Default: 30 |
Snowflake Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see Control-M for Snowflake.
The following table describes the Snowflake connection profile parameters.
This connection profile uses token-based authentication. To authenticate using an Identity Provider (IdP), see Snowflake IdP Connection Profile Parameters.
Parameter |
Authentication Method |
Description |
---|---|---|
Snowflake URL |
All methods |
Defines the hostname URL, as follows: https://{{AccountID}}.{{Region}}.snowflakecomputing.com |
Account Identifier |
All methods |
Defines the Snowflake account identifier. To obtain this string, run the Describe Security Integration command in Snowflake and copy the initial string from one of the authorization properties. OAUTH_AUTHORIZATION_ENDPOINT has the following value: https://abc123.us-east-1.snowflakecomputing.com/oauth/authorize In this value, the account identifier is the following string: abc123 For more information about obtaining values for the parameters required by the connection profile, see Knowledge Article KA000437810. |
Region |
All methods |
Determines the region where the Snowflake jobs are located. us-east-1 |
Authentication Type |
N/A |
Determines one of the following authentication methods:
|
Client ID |
Snowflake OAuth |
Defines the client ID assigned to the account in the Snowflake integration setup. |
Client Secret |
Snowflake OAuth |
Defines the client secret assigned to the account in the Snowflake integration setup. |
Refresh Token |
Snowflake OAuth |
Defines the value for the refresh token. Rule: This string must be URL-encoded. |
Redirect URL |
Snowflake OAuth |
Defines the redirect URL assigned to the account in the Snowflake integration setup. Rule: This string must be URL-encoded. |
Access Token |
Programmatic Access Token |
Defines the access token for Snowflake authentication. |
Use External Vault |
All methods |
Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
Snowflake IdP Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see Control-M for Snowflake.
The following table describes the Snowflake Identity Provider (IdP) connection profile parameters.
This connection profile authenticates using an Identity Provider (IdP). To use token-based authentication, see Snowflake IdP Connection Profile Parameters.
Parameter |
Description |
---|---|
Account Identifier |
Defines the Snowflake IdP account identifier. To obtain this string, run the Describe Security Integration command in Snowflake and copy the initial string from one of the authorization properties. EXTERNAL_OAUTH_AUDIENCE_LIST has the following value: https://abc123.us-east-1.snowflakecomputing.com In this value, the account identifier is the following string: abc123 For information about the values for the parameters required by the connection profile, see the IdP-specific External OAuth configuration instructions in the Snowflake documentation. |
Region |
Determines the region where the Snowflake jobs are located. us-east-1 |
Client ID |
Defines the client ID assigned to the account in the Snowflake integration setup. |
Client Secret |
Defines the client secret assigned to the account in the Snowflake integration setup. |
IDP URL |
Defines the authentication endpoint for Snowflake IdP. |
Scope |
Defines the scope, which limits the operations you can do and the roles you can use in the Snowflake IdP plug-in, as follows: session:role:<custom_role> session:role:sysadmin |
Use External Vault |
Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |