×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')

Important

   

This documentation space contains information about PATROL Agents when deployed in a BMC Helix Operations Management environment. If you are a TrueSight Operations Management user, see PATROL Agent 23.1 Open link

BMC PATROL Agent for BMC Helix Operations Management 23.1 Using

Enabling vault access

A vault is a tool designed to control access to sensitive credentials. It can also generate access keys dynamically for specific services or applications.

Vault eliminates hard coded application credentials embedded in applications, configuration files, and allows the sensitive passwords to be centrally stored, logged, and managed within the vault. 


PATROL Agent provides you access to vault. You can add access to various environments that you want to monitor. When you want to specify these credentials while configuring a monitor policy for a KM, you can use the vault to provide those credentials.

Related topics

Vault configuration for PATROL for Oracle Enterprise Database 

Using the pconfig utility to modify PATROL Agent configuration variables

Currently, PATROL Agent supports the CyberArk vault for the following Knowledge Modules.

Knowledge ModuleSupported release
PATROL for PostgreSQL Database1.1.10
PATROL for Oracle Enterprise Database3.1.03
PATROL for MongoDB1.1.31
PATROL for Sybase22.02.06
PATROL for IBM DB29.7.01

For more information on how to enable vault access, refer to the respective Knowledge Module documentation.

Enabling vault process:

Before you begin

TasksDescription
Get the application IDThe unique ID of the application that is issuing the password request.
Obtain the central credential provider URLThe central credential provider URL.
Query to retrieve the passwordAdding variables to pconfig file.

(Optional) Provide the client certificate to authenticate with vault

Client certificate and its private key.

To enable vault access

To enable PATROL Agent to retrieve a password from the vault, add the following variables to the configuration variable by using the pconfig utility.

For more information about adding pconfig, see Using pconfig to configure the PATROL Agent.


"/AgentSetup/PIA_Vault/appId"        = { REPLACE = "BMC_XHOX_SSL" },
"/AgentSetup/PIA_Vault/certPath"     = { REPLACE = "/opt/bmc/Patrol_Agent/Patrol3/vault/ClientCert.cer" },
"/AgentSetup/PIA_Vault/cpurl"        = { REPLACE = "https://vaultserver.example.com:1x83x" }
"/AgentSetup/PIA_Vault/certType"     = { REPLACE = "P12" },
"/SecureStore/PIA_Vault/passphrase"  = { REPLACE="MCA/abc"}


VariableDescription
appIDThe unique ID of the application.
cpurlThe central credential provider URL.
cretPath (optional)Client certificate and its private key.
certType (optional)If you are using a PKCS12 format certificate.
passphrase (optional)

If you are using passphrase for the certificate in PKCS12.

Example: "/SecureStore/PIA_Vault/passphrase"  = { REPLACE="MCA/abc"}

MCA/ is mandatory.

Was this page helpful? Yes No Submitting... Thank you
Last modified by Sandip Modi on Nov 17, 2023
pconfig vault cyberark_vault

Comments

Log in or register to comment.

Using wpconfig (Windows) to configure the PATROL Agent
PATROL Agent security
© Copyright 2014 - 2023 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.