Skip to Content
Information
Important

This documentation space contains information about PATROL Agents when deployed in a BMC Helix Operations Management environment. If you are a TrueSight Operations Management user, see PATROL Agent 24.3.01

Vault Adapter overview

Related topics

Installing BMC Helix Vault Adapter

Configuring BMC Helix Vault Adapter

 

The BMC Helix Vault Adapter is a standalone component that enables BMC PATROL Agents to securely retrieve credentials from an external enterprise password vault, such as BeyondTrust. By retrieving credentials dynamically at runtime, it eliminates the need to store passwords in the monitor policy and to update them when credentials change.

The BMC Helix Vault Adapter is designed for secure, remote monitoring environments and acts as an intermediary between PATROL Agents and the vault server. This enables centralized credential management and ensures uninterrupted monitoring in environments where frequent password changes can be disruptive.

BMC Helix Vault Adapter architectureEdit

BMC Helix Vault Adapter Architecture

The following section explains how credentials are retrieved at runtime by using the BMC Helix Vault Adapter:

1770886709357-299.png 1: The PATROL Agent sends a request for credentials to the BMC Helix Vault Adapter.

During remote monitoring, the PATROL Agent requires credentials to authenticate to a remote monitored system. The PATROL Agent sends a credential request to the BMC Helix Vault Adapter. 

1770886733304-654.png 2: BMC Helix Vault Adapter requests PATROL Agent identity validation from BMC Helix Operations Management

When a request is received from a PATROL Agent, the BMC Helix Vault Adapter forwards the request to BMC Helix Operations Management to validate the identity and authorization of the specific PATROL Agent before providing credentials.

1770886761856-355.png 3: BMC Helix Operations Management validates the PATROL Agent 
BMC Helix Operations Management verifies if a valid PATROL Agent is requesting to connect to the BMC Helix Vault Adapter. If the validation fails, the credential request is rejected.

collect.png 4: BMC Helix Vault Adapter requests credentials from the Vault Server

After successful validation, the BMC Helix Vault Adapter sends a credential retrieval request to the Vault Server.

5.jpg 5: The Vault Server returns credentials

The Vault Server retrieves the requested credentials and returns them to the BMC Helix Vault Adapter. The response includes:

  • The password for the remote monitored system
  • The associated metadata, such as credential expiry information
Vault Adapter icon 6: The BMC Helix Vault Adapter returns the credentials to the PATROL Agent

The BMC Helix Vault Adapter returns the retrieved credentials to the PATROL Agent at runtime. The PATROL Agent uses the credentials to authenticate to the remote monitored system. 

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC PATROL Agent for BMC Helix Operations Management 26.2