Integrating with BeyondTrust Password Safe
Before you begin
To integrate with BeyondTrust Password Safe
- From the main menu in the BMC Discovery Outpost, click Manage > Vault Providers.
The Manage Vault page opens. - Select the BeyondTrust Password Safe tab.
Enter the settings appropriate to your BeyondTrust Password Safe on the page:
Field Name
Description
Status
A read-only display showing the status of the integration with BeyondTrust Password Safe. This can be one of: ACTIVE, DISABLED, or messages such as TEST OK, TEST ERROR, or ERROR and an explanatory message.
Enabled
Select the check box to enable the integration with BeyondTrust Password Safe.
URL
The URL of BeyondTrust Password Safe. Only HTTPS URLs are permitted. This field is mandatory.
You should ask your BeyondTrust Password Safe administrator for the URL, API key, user name, and password to access BeyondTrust Password Safe.
Set API Key
Field in which you can enter an API key. To make the field editable, select the check box and paste in the key. The key is not displayed. This field is mandatory.
User Name
A user name for BeyondTrust Password Safe. This field is mandatory.
Set Password
Field in which you can enter the password corresponding to the User name.
To make the field editable, select the check box and set the password. The password is not displayed.Checkout Duration
(in minutes)The time (in minutes) for which the password is guaranteed to remain valid. The default is 15 minutes and the minimum is one minute.
Timeout (in seconds)
The timeout (in seconds) for requests to the provider. The default is 300 seconds and the minimum 5 seconds.
SSL Certificate Check
Select to enable an SSL certificate check against the server. The result is reported in the Status message.
- Click Test to test the connection. The configuration is not saved until you click the Apply button.
- Click Apply to save and apply the configuration.
The integration between
BMC Helix Discovery
and BeyondTrust Password Safe is complete. For information on using credentials from BeyondTrust Password Safe to access discovery targets, see Adding-credentials.
How credentials are stored in BeyondTrust Password Safe
The credentials stored in BeyondTrust Password Safe are linked to an asset. You create the asset, and then add credentials to that asset, according to the BeyondTrust Password Safe documentation.
Credential parameters in BeyondTrust Password Safe, the corresponding BMC Helix Discovery Add Credential field name, and a description of their meaning in BMC Helix Discovery are shown in the following table:
BeyondTrust Password Safe parameter | BMC Helix Discovery Add Credential field name | Meaning in BMC Helix Discovery |
|---|---|---|
System | BeyondTrust System | The name of the system in BeyondTrust Password Safe is taken from the asset name. The system name should be considered as the credential name in BMC Helix Discovery. It has no effect on the target that BMC Helix Discovery scans, it simply locates the credential in BeyondTrust Password Safe. |
Account | BeyondTrust Account | The user name with which to access the discovery target. The integration retrieves the corresponding password from BeyondTrust Password Safe. There might be more than one account for each system. For example, an account called discovery and one called root or admin for discovering targets using elevated permissions. |
To use a credential from BeyondTrust Password Safe in BMC Helix Discovery
In this example there is a server called "server74". The following details are configured in BeyondTrust Password Safe:
- System — server74
- Account — discovery. A UNIX account called discovery and its corresponding password
- Account — root. A UNIX root account for the server and its corresponding password
For the discovery account, you specify the credential using server74 for the system and discovery for the user.
For the root account, you specify the credential using server74 for the system and root for the user.
The following screenshot shows adding the credential for server74:
