Important This documentation space contains information about PATROL Agents when deployed in a BMC Helix Operations Management environment. If you are a TrueSight Operations Management user, see PATROL Agent 24.3.01

Encryption

The PATROL Agent integrates security and encryption mechanisms to protect sensitive data and credentials. These mechanisms include advanced encryption techniques, secure storage solutions, and integration with credential management systems, all designed to ensure data integrity and protection.


Encryption mechanism

The PATROL Agent uses Advanced Encryption Standard with Galois/Counter Mode (AES-GCM) to encrypt and decrypt BMC Helix Operations Management policy to provide strong protection for passwords. The agent also supports older encryption methods to maintain compatibility with previous versions.


Secure store

The Secure Store is a secure configuration database that protects sensitive data through encryption. Data is stored in the BMC_ROOT\common\security\SKS\sks-<hostName>-<port>.db file and encrypted with AES by using a dynamic key unique to each PATROL Agent instance. For additional security, the Secure Store re-encrypts data before saving it. Access is managed without a user name or password by using the sec_store_get() and sec_store_set() functions for secure data handling.


Vault integration

The PATROL Agent integrates with CyberArk Vault to manage Oracle Knowledge Module (KM) credentials, especially in environments where passwords frequently change. This integration ensures that the PATROL Agent always retrieves the most current credentials from the Vault, maintaining up-to-date security for the Oracle Knowledge Module.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*