Enabling vault access
A vault is a tool designed to control access to sensitive credentials. It can also generate access keys dynamically for specific services or applications.
A vault eliminates hard-coded credentials embedded in applications and configuration files, and allows sensitive passwords to be centrally stored, logged, and managed within the vault.
PATROL Agent provides access to the vault. You can add access to the various environments that you want to monitor. When you need to specify credentials while configuring a monitor policy for a KM, you can use the vault to provide them.
Currently, PATROL Agent supports the CyberArk vault for the following Knowledge Modules.
Knowledge Module | Supported release |
---|---|
PATROL for PostgreSQL Database | 1.1.10 |
PATROL for Oracle Enterprise Database | 3.1.03 |
PATROL for MongoDB | 1.1.31 |
PATROL for Sybase | 22.02.06 |
PATROL for IBM DB2 | 9.7.01 |
For more information on how to enable vault access, refer to the respective Knowledge Module documentation.
Enabling vault process:
Before you begin
Tasks | Description |
---|---|
Get the application ID | The unique ID of the application that is issuing the password request. |
Obtain the central credential provider URL | The central credential provider URL. |
Query to retrieve the password | Adding variables to pconfig file. |
(Optional) Provide the client certificate to authenticate with vault | Client certificate and its private key. |
To enable vault access
To enable PATROL Agent to retrieve a password from the vault, add the following configuration variables by using the pconfig utility.
For more information about pconfig, see Using pconfig to configure the PATROL Agent.
"/AgentSetup/PIA_Vault/appId" = { REPLACE = "BMC_XHOX_SSL" },
"/AgentSetup/PIA_Vault/certPath" = { REPLACE = "/opt/bmc/Patrol_Agent/Patrol3/vault/ClientCert.cer" },
"/AgentSetup/PIA_Vault/cpurl" = { REPLACE = "https://vaultserver.example.com:1x83x" },
"/AgentSetup/PIA_Vault/certType" = { REPLACE = "P12" },
"/SecureStore/PIA_Vault/passphrase" = { REPLACE="MCA/abc"}
Variable | Description |
---|---|
appId | The unique ID of the application. |
cpurl | The central credential provider URL. |
certPath (optional) | Client certificate and its private key. |
certType (optional) | If you are using a PKCS12 format certificate. |
passphrase (optional) | If you are using passphrase for the certificate in PKCS12. Example: "/SecureStore/PIA_Vault/passphrase" = { REPLACE="MCA/abc"} |
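The following linter is an added example, not BMC code: it parses a pconfig fragment and checks the PIA_Vault variables described above before the fragment is applied. The sample values are constructed placeholders, and treating a passphrase outside /SecureStore/ or a non-https cpurl as a finding is an assumption based on how this page sets those variables.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the page's pconfig syntax; appId, host and paths are placeholders.
SAMPLE = '''
"/AgentSetup/PIA_Vault/appId" = { REPLACE = "EXAMPLE_APP" },
"/AgentSetup/PIA_Vault/certPath" = { REPLACE = "/opt/example/vault/ClientCert.p12" },
"/AgentSetup/PIA_Vault/cpurl" = { REPLACE = "http://vaultserver.example.com:8443" },
"/AgentSetup/PIA_Vault/certType" = { REPLACE = "P12" },
"/AgentSetup/PIA_Vault/passphrase" = { REPLACE = "constructed-secret" }
'''

# One pconfig entry: "<variable path>" = { REPLACE = "<value>" } plus an optional comma.
ENTRY = re.compile(r'"(/[^"]+)"\s*=\s*\{\s*REPLACE\s*=\s*"([^"]*)"\s*\}\s*(,?)')

def parse(text):
    """Return [(variable path, value, has_trailing_comma)] in file order."""
    return [(m.group(1), m.group(2), m.group(3) == ",") for m in ENTRY.finditer(text)]

def lint(text):
    """Return a list of findings for the PIA_Vault variables in a pconfig fragment."""
    entries = parse(text)
    findings = []
    # Entries are comma separated, so every entry except the last needs a comma.
    for path, _, comma in entries[:-1]:
        if not comma:
            findings.append(f"missing comma after {path}")
    vault = {p.rsplit("/", 1)[1]: (p, v) for p, v, _ in entries if "/PIA_Vault/" in p}
    for required in ("appId", "cpurl"):
        if required not in vault:
            findings.append(f"required variable {required} is not set")
    # Assumption: the credential provider must be reached over TLS, as in the page's example.
    if "cpurl" in vault and urlsplit(vault["cpurl"][1]).scheme != "https":
        findings.append("cpurl does not use https")
    # Assumption: the passphrase belongs under /SecureStore/, where the page puts it.
    if "passphrase" in vault and not vault["passphrase"][0].startswith("/SecureStore/"):
        findings.append("passphrase is outside /SecureStore/")
    # certType and passphrase only make sense together with a client certificate.
    for dependent in ("certType", "passphrase"):
        if dependent in vault and "certPath" not in vault:
            findings.append(f"{dependent} is set but certPath is missing")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print("FINDING:", finding)
```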