Enabling vault access

This feature is available for BMC Helix Operations Management and works with PATROL Agent 23.1 and later.

A vault is a tool designed to control access to sensitive credentials. It can also generate access keys dynamically for specific services or applications.
Vault eliminates hard coded application credentials embedded in applications, configuration files, and allows the sensitive passwords to be centrally stored, logged, and managed within the vault. 

PATROL for IBM DB2 supports using password from vault. When you want to specify credentials while configuring a monitor policy for Oracle Enterprise database, you can use the vault to get the credentials.

PATROL for IBM DB2 supports the CyberArk vault only.

Before you begin

Enable vault access in PATROL Agent.

For more information, see Enabling vault access.

To enable vault access

You can enable it at the global level, environment level, and monitor type.

Global level variable has the highest precedence over other levels. The precedence order is global level > monitor type > environmental level.

Following are the examples of different environmental level:

Environment level

PATROL configuration variable

Value

JDBC Connection setup 

/PSO/DB2/JDBC/<EnvName>/isVaultEnabled

0=Disable
1=Enable

Local Connection setup 

/PSO/DB2/Local/<EnvName>/isVaultEnabled

Remote UNIX Connection setup 

/PSO/DB2/RemoteUnix/<EnvName>/isVaultEnabled

Remote Windows Connection setup 

/PSO/DB2/RemoteWin/<EnvName>/isVaultEnabled

Following are the examples of different monitor type:

Monitor Type

PATROL configuration variable

Value

JDBC Connection setup 

/PSO/DB2/JDBC/isVaultEnabled

0=Disable
1=Enable

Local Connection setup 

/PSO/DB2/Local/isVaultEnabled

Remote UNIX Connection setup 

/PSO/DB2/RemoteUnix/isVaultEnabled

Remote Windows Connection setup 

/PSO/DB2/RemoteWin/isVaultEnabled

Following are the examples of global, monitor type, and environment level configuration variables for which you can enable vault. Add one of the following configuration variables as per your requirement to enable vault.

Configuration level

Example

Description

Global level

/PSO/DB2/isVaultEnabled = 1

This is applicable to all the IBM DB2 monitoring environments configured in a monitoring policy.

Monitor type

/PSO/DB2/JDBC/isVaultEnabled = 1

This is applicable to all the JDBC monitoring types configured in a monitoring policy.

Environment level

/PSO/DB2/JDBC/<ENV_NAME>/isVaultEnabled = 1

This is applicable to a specific environment configured in a monitoring policy in a given monitoring type.
For example, /PSO/DB2/JDBC/Production/isVaultEnabled = 1
In this example, you monitor the Production environment having JDBC monitor type. 

If you are using vault to access the password in BMC Helix Operations Managemententer the query string in the Password and Confirm password field.

To add a configuration variable

  1. Click Configuration and select Monitor Policies.
  2. Locate the policy and click Edit.
  3. Click the Configuration Variables tab and then click Add Configuration Variable.
  4. On the Add Configuration Variable page, in the Variable field, enter the variable path and name.
  5. From the Operation list, select REPLACE
    You create a new variable by using the REPLACE operation.
  6. In the Value field, enter the value of the variable.
    If you do not enter a value, default value of the variable is used.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*