This documentation space contains information about PATROL Agents when deployed in a BMC Helix Operations Management environment. If you are a TrueSight Operations Management user, see PATROL Agent 23.1 Open link

Enabling vault access

A vault is a tool designed to control access to sensitive credentials. It can also generate access keys dynamically for specific services or applications.

Vault eliminates hard coded application credentials embedded in applications, configuration files, and allows the sensitive passwords to be centrally stored, logged, and managed within the vault. 

PATROL Agent provides you access to vault. You can add access to various environments that you want to monitor. When you want to specify these credentials while configuring a monitor policy for a KM, you can use the vault to provide those credentials.

Currently, PATROL Agent supports the CyberArk vault for the following Knowledge Modules.

Knowledge ModuleSupported release
PATROL for PostgreSQL Database1.1.10
PATROL for Oracle Enterprise Database3.1.03
PATROL for MongoDB1.1.31
PATROL for Sybase22.02.06
PATROL for IBM DB29.7.01

For more information on how to enable vault access, refer to the respective Knowledge Module documentation.

Enabling vault process:

Before you begin

Get the application IDThe unique ID of the application that is issuing the password request.
Obtain the central credential provider URLThe central credential provider URL.
Query to retrieve the passwordAdding variables to pconfig file.

(Optional) Provide the client certificate to authenticate with vault

Client certificate and its private key.

To enable vault access

To enable PATROL Agent to retrieve a password from the vault, add the following variables to the configuration variable by using the pconfig utility.

For more information about adding pconfig, see Using pconfig to configure the PATROL Agent.

"/AgentSetup/PIA_Vault/appId"        = { REPLACE = "BMC_XHOX_SSL" },
"/AgentSetup/PIA_Vault/certPath"     = { REPLACE = "/opt/bmc/Patrol_Agent/Patrol3/vault/ClientCert.cer" },
"/AgentSetup/PIA_Vault/cpurl"        = { REPLACE = "" }
"/AgentSetup/PIA_Vault/certType"     = { REPLACE = "P12" },
"/SecureStore/PIA_Vault/passphrase"  = { REPLACE="MCA/abc"}

appIDThe unique ID of the application.
cpurlThe central credential provider URL.
cretPath (optional)Client certificate and its private key.
certType (optional)If you are using a PKCS12 format certificate.
passphrase (optional)

If you are using passphrase for the certificate in PKCS12.

Example: "/SecureStore/PIA_Vault/passphrase"  = { REPLACE="MCA/abc"}

MCA/ is mandatory.

Was this page helpful? Yes No Submitting... Thank you