This documentation relates to the latest released version of BMC Discovery.
See the information on this topic for versions 11.2 or 11.1.

The credentials used to log in to discovery targets, synchronize to the CMDB, and export data using adapters are stored in a vault that is encrypted with a default passphrase when the appliance is built. The vault provides a secure mechanism for storing credential information. Only users with Discovery or Administration privileges have read/write access to the vault, and read access is limited to non-sensitive information (passwords can never be seen in the UI or at the command line). The content of the vault is secured using 256-bit AES encryption in CBC mode.

For further details, see Information security.

The credential vault can be open or closed. If no passphrase is set, the vault is opened automatically when Discovery starts. If a passphrase has been set, you will be prompted to enter it before Discovery can begin. While the vault is open, BMC Discovery can use the credentials stored in it to access devices.

When Discovery is stopped, the vault is automatically closed if a passphrase is set. You can close the vault while Discovery is in progress. This will prevent access to further devices during the current Discovery runs.

Whenever a credential is added, removed, or changed, the vault is backed up. No more than two backup copies of the vault are held. When the vault passphrase is added, changed, or removed, all backups are deleted, ensuring that no backups of potentially less secure vaults are retained on the system.

To manage the credential vault

From the main menu, click the Administration icon. The Administration page is displayed.

From this page you can open or close the credential vault and specify a passphrase to secure it. You can also change the passphrase or remove it.

Setting a passphrase

To set a passphrase:

  1. Enter the new passphrase in the New Passphrase field.
  2. Repeat it in the Verify New Passphrase field.
  3. Optionally, select Save Passphrase to save the passphrase so that it is not required whenever scanning is enabled. You must still enter a passphrase to open a closed credential vault.
  4. Click Set Passphrase.
    The passphrase is now set.

Changing a passphrase

To change a passphrase:

  1. Enter the new passphrase in the New Passphrase field.
  2. Repeat it in the Verify New Passphrase field.
  3. Click Change Passphrase.
    The passphrase is now changed.

Setting or changing a passphrase does not change whether the vault is open or closed.

Clearing a passphrase

To clear a passphrase:

  1. Enter the current passphrase in the Current Passphrase field.
  2. Click Clear Passphrase.
    The passphrase is now cleared.

Opening the credential vault

To open a closed credential vault:
Enter the passphrase and click Open the Vault.
You are asked to confirm the operation.

You can also open the credential vault from the Discovery Home page. When Discovery is not running and the vault is closed, a Passphrase entry box is displayed above START LOCAL SCANS.

Closing the credential vault

To close the vault, which must be open and have a passphrase set:
Click Close the Vault.
You are asked to confirm the operation.

You can also close the vault from the Discovery Home page. When Discovery is running and a passphrase is set, stopping Discovery also closes the vault.

Related topics

Configuring credentials

© Copyright 2004 - 2019 BMC Software, Inc.