Vaultamagic
CyberArk migration toolkit

Conjure a clean inventory
out of your vault.

Vaultamagic builds a read-only PowerShell script that inventories your CyberArk Safes, permissions, applications, and accounts — then exports them to CSV. No install. No backend. No credentials in the browser.

Open the generator → How it works
Runs entirely in your browser Read-only against the vault Nothing leaves this page

How the magic works

Three steps, no installation, no moving parts on our side.

1

Fill in your values

Point it at your PVWA, pick an auth method, and choose what to export — Safes, permissions, applications, accounts.

2

Copy the script

Vaultamagic assembles a PowerShell script tailored to your choices. Read it, copy it, or download the .ps1.

3

Run it locally

It prompts for your credentials, talks to your PVWA directly, and writes CSV files to your own machine.

See the full walkthrough →

Built to pass a security review

The whole point of a script generator: the website never touches your vault.

  • Nothing leaves your browserThe page is static — no backend, no analytics on your inputs, no server that could capture anything.
  • It never sees your credentialsThe generated script prompts for them at runtime with Get-Credential. No password is ever typed into a webpage.
  • Read-only against the vaultOnly GET requests plus CyberArk's own read-a-secret call. No create, update, or delete operations.
  • You run it yourselfRead the script before you run it. Secret retrieval is opt-in and audited by CyberArk.

Read the full security story →

Ready to pull your inventory?

Open the generator, fill in a few values, and copy your script. It takes about a minute.

Open the generator →