Enabling vault access

A vault is a tool designed to control access to sensitive credentials. It can also generate access keys dynamically for specific services or applications.

Vault eliminates hard coded application credentials embedded in applications, configuration files, and allows the sensitive passwords to be centrally stored, logged, and managed within the vault.  

PATROL for Oracle Enterprise Database supports using password from vault. When you want to specify credentials while configuring a monitor policy for Oracle Enterprise database , you can use the vault to get the credentials.

Before you begin

Enable vault access in PATROL Agent.

For more information, see Enabling vault access .

To enable vault access

Add the following pconfig variable to enable vault.

For more information about adding pconfig, see  Configuration Variables .

/KOE/Oracle/isVaultEnabled = "1",
or
/KOE/Oracle/<Monitor_TYPE>/isVaultEnabled = "1",
or
/KOE/Oracle/<Monitor_TYPE>/<ENVIRONMENT_NAME>/isVaultEnabled = "1",
or
/KOE/Oracle/<Monitor_TYPE>/<ENVIRONMENT_NAME>/<HOST>|<PORT>|<SID>/isVaultEnabled = "1",

You can enable it at the global level, instance level, environment level, and monitor type.

Instance level variable has the highest precedence over other levels. The precedence order is Instance level > environmental level > monitor type > global level.

Following are the examples of different monitor types :

If you are using vault to access the password in BMC Helix Operations Management, enter the query string in the Password and Confirm password field.

Migrating from the existing Oracle authentication process to use vault 

Ensure you have enabled the PATROL configuration (pconfig) variables required for vault support. For more information, see Enabling vault access

1. Edit the monitoring policy created for Oracle enterprise database.
2. Search for credentials field and replace the user password with vault query string in the Password and Confirm password field.
3. Save the policy.