Important: This documentation space contains information about PATROL Agents when deployed in a BMC Helix Operations Management environment. If you are a TrueSight Operations Management user, see PATROL Agent 23.1.

Enabling vault access


A vault is a tool designed to control access to sensitive credentials. It can also generate access keys dynamically for specific services or applications.

A vault eliminates hard-coded credentials embedded in applications and configuration files, and allows sensitive passwords to be centrally stored, logged, and managed within the vault.


PATROL Agent provides you with access to the vault. You can add access to the various environments that you want to monitor, and when you need to specify credentials while configuring a monitor policy for a Knowledge Module (KM), you can use the vault to provide them.

Currently, PATROL Agent supports the CyberArk vault for the following Knowledge Modules.

| Knowledge Module | Supported release |
|---|---|
| PATROL for PostgreSQL Database | 1.1.10 |
| PATROL for Oracle Enterprise Database | 3.1.03 |
| PATROL for MongoDB | 1.1.31 |
| PATROL for Sybase | 22.02.06 |
| PATROL for IBM DB2 | 9.7.01 |

For more information on how to enable vault access, refer to the respective Knowledge Module documentation.

[Figure: Enabling vault process]


Before you begin

| Tasks | Description |
|---|---|
| Get the application ID | The unique ID of the application that is issuing the password request. |
| Obtain the central credential provider URL | The central credential provider URL. |
| Query to retrieve the password | Adding variables to the pconfig file. |
| (Optional) Provide the client certificate to authenticate with the vault | Client certificate and its private key. |

To enable vault access

To enable PATROL Agent to retrieve a password from the vault, add the following variables to the agent configuration by using the pconfig utility.

For more information about using pconfig, see Using pconfig to configure the PATROL Agent.


"/AgentSetup/PIA_Vault/appId"        = { REPLACE = "BMC_XHOX_SSL" },
"/AgentSetup/PIA_Vault/certPath"     = { REPLACE = "/opt/bmc/Patrol_Agent/Patrol3/vault/ClientCert.cer" },
"/AgentSetup/PIA_Vault/cpurl"        = { REPLACE = "https://vaultserver.example.com:1x83x" },
"/AgentSetup/PIA_Vault/certType"     = { REPLACE = "P12" },
"/SecureStore/PIA_Vault/passphrase"  = { REPLACE="MCA/abc"}


| Variable | Description |
|---|---|
| appId | The unique ID of the application. |
| cpurl | The central credential provider URL. |
| certPath (optional) | Client certificate and its private key. |
| certType (optional) | Specify this variable if you are using a PKCS12 format certificate. |
| passphrase (optional) | Specify this variable if you are using a passphrase for the PKCS12 certificate. Example: "/SecureStore/PIA_Vault/passphrase"  = { REPLACE="MCA/abc"}. The MCA/ prefix is mandatory. |
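A pre-deployment check for the variables described above, as an added example that is not part of the BMC documentation or product. The https requirement, the comma-separator rule, and the certType/certPath dependency are assumptions of this example, and the sample values are constructed.

```python
import re
from urllib.parse import urlsplit

# Matches one pconfig entry: "/path/name" = { REPLACE = "value" }[,]
ENTRY = re.compile(r'^\s*"(?P<key>/[^"]+)"\s*=\s*\{\s*REPLACE\s*=\s*'
                   r'"(?P<val>[^"]*)"\s*\}\s*(?P<comma>,?)\s*$')
REQUIRED = ("/AgentSetup/PIA_Vault/appId", "/AgentSetup/PIA_Vault/cpurl")
PASSPHRASE = "/SecureStore/PIA_Vault/passphrase"


def check_vault_config(text):
    """Return a list of findings for the PIA_Vault entries in pconfig text."""
    findings, values = [], {}
    lines = [line for line in text.splitlines() if line.strip()]
    for i, line in enumerate(lines):
        m = ENTRY.match(line)
        if not m:
            findings.append(f"unparsable entry: {line.strip()}")
            continue
        values[m["key"]] = m["val"]
        last = i == len(lines) - 1
        # Assumption: entries are comma-separated, no comma after the last one.
        if bool(m["comma"]) == last:
            state = "unexpected" if last else "missing"
            findings.append(f"{state} trailing comma: {m['key']}")
    for key in REQUIRED:
        if not values.get(key):
            findings.append(f"required variable not set: {key}")
    url = values.get("/AgentSetup/PIA_Vault/cpurl", "")
    if url and urlsplit(url).scheme != "https":
        # Assumption: retrieved passwords must not travel over plain HTTP.
        findings.append("cpurl is not an https:// URL")
    if ("/AgentSetup/PIA_Vault/certType" in values
            and "/AgentSetup/PIA_Vault/certPath" not in values):
        findings.append("certType is set but certPath is missing")
    if PASSPHRASE in values and not values[PASSPHRASE].startswith("MCA/"):
        findings.append("passphrase does not start with the mandatory MCA/ prefix")
    return findings


# Constructed sample: missing comma, http URL, no certPath, passphrase without MCA/.
SAMPLE = '''
"/AgentSetup/PIA_Vault/appId"       = { REPLACE = "EXAMPLE_APP" },
"/AgentSetup/PIA_Vault/cpurl"       = { REPLACE = "http://vault.example.com:8443" }
"/AgentSetup/PIA_Vault/certType"    = { REPLACE = "P12" },
"/SecureStore/PIA_Vault/passphrase" = { REPLACE = "abc" }
'''

if __name__ == "__main__":
    for finding in check_vault_config(SAMPLE):
        print("FINDING:", finding)
```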

 
