Enabling vault access


This feature is available for BMC Helix Operations Management and works with PATROL Agent 23.1 and later.

A vault is a tool designed to control access to sensitive credentials. It can also generate access keys dynamically for specific services or applications.

A vault eliminates hard-coded credentials embedded in applications and configuration files, and allows sensitive passwords to be centrally stored, logged, and managed within the vault.


PATROL for Oracle Enterprise Database supports retrieving passwords from a vault. When you specify credentials while configuring a monitor policy for Oracle Enterprise Database, you can use the vault to get the credentials.

PATROL for Oracle Enterprise Database supports the CyberArk vault only.


Before you begin

Enable vault access in PATROL Agent.

For more information, see Enabling vault access.


To enable vault access

Add one of the following pconfig variables to enable vault access.

For more information about adding pconfig, see Configuration Variables.

/KOE/Oracle/isVaultEnabled = "1",
or
/KOE/Oracle/<Monitor_TYPE>/isVaultEnabled = "1",
or
/KOE/Oracle/<Monitor_TYPE>/<ENVIRONMENT_NAME>/isVaultEnabled = "1",
or
/KOE/Oracle/<Monitor_TYPE>/<ENVIRONMENT_NAME>/<HOST>|<PORT>|<SID>/isVaultEnabled = "1",

| Value | Description |
|-------|-------------|
| 0     | disable     |
| 1     | enable      |

You can enable vault access at the global level, monitor type level, environment level, and instance level.

An instance-level variable takes precedence over all other levels. The precedence order is: instance level > environment level > monitor type level > global level.

The following are examples for the different monitor types:

Monitor Type

Example

Oracle Standalone

  • Monitor type:  /KOE/Oracle/Standalone/isVaultEnabled
  • Environment: /KOE/Oracle/Standalone/ProdEnv/isVaultEnabled
  • Instance: /KOE/Oracle/Standalone/ProdEnv/abc.xyz.com|1521|orcl/isVaultEnabled

Oracle Dataguard

  • Monitor type:  /KOE/Oracle/DataGuard/isVaultEnabled
  • Environment: /KOE/Oracle/DataGuard/ProdEnv/isVaultEnabled
  • Instance: /KOE/Oracle/DataGuard/ProdEnv/abc.xyz.com|1521|orcl/isVaultEnabled

Oracle ASM

  • Monitor type:  /KOE/Oracle/ASM/isVaultEnabled
  • Environment: /KOE/Oracle/ASM/ProdEnv/isVaultEnabled
  • Instance: /KOE/Oracle/ASM/ProdEnv/abc.xyz.com|1521|+ASM/isVaultEnabled

Oracle RAC

  • Monitor type:  /KOE/Oracle/RAC/isVaultEnabled
  • Environment: /KOE/Oracle/RAC/ProdEnv/isVaultEnabled
  • Instance: /KOE/Oracle/RAC/ProdEnv/abc.xyz.com|1521|orcl/isVaultEnabled

Oracle Listener

  • Monitor type:  /KOE/Oracle/Listener/isVaultEnabled
  • Environment: /KOE/Oracle/Listener/ProdEnv/isVaultEnabled
  • Instance: /KOE/Oracle/Listener/ProdEnv/abc.xyz.com/isVaultEnabled
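The precedence order described above, as an added example that is not BMC code: a Python function that resolves the effective isVaultEnabled value for one instance from a set of pconfig variables, plus an audit helper that lists instances where vault access is not in effect. It assumes the variables are supplied as a dictionary of path to value and that an unset variable counts as disabled (the page does not state the default); TestEnv and def.xyz.com are constructed sample values.

```python
ROOT = "/KOE/Oracle"
LEAF = "isVaultEnabled"

def candidate_paths(monitor_type, environment, instance_key):
    """Return the four variable paths for an instance, most specific first."""
    return [
        f"{ROOT}/{monitor_type}/{environment}/{instance_key}/{LEAF}",  # instance
        f"{ROOT}/{monitor_type}/{environment}/{LEAF}",                 # environment
        f"{ROOT}/{monitor_type}/{LEAF}",                               # monitor type
        f"{ROOT}/{LEAF}",                                              # global
    ]

def effective_vault_setting(pconfig, monitor_type, environment, instance_key):
    """Return (enabled, deciding_path); deciding_path is None if nothing is set."""
    for path in candidate_paths(monitor_type, environment, instance_key):
        if path in pconfig:
            value = pconfig[path].strip()
            if value not in ("0", "1"):
                raise ValueError(f'{path}: expected "0" or "1", got {value!r}')
            return value == "1", path
    # Assumption: no variable at any level means disabled.
    return False, None

def audit(pconfig, instances):
    """Return the instances whose effective setting is disabled."""
    return [i for i in instances if not effective_vault_setting(pconfig, *i)[0]]

# Constructed sample configuration: enabled globally, disabled for one
# environment, re-enabled for a single instance inside that environment.
SAMPLE = {
    "/KOE/Oracle/isVaultEnabled": "1",
    "/KOE/Oracle/Standalone/TestEnv/isVaultEnabled": "0",
    "/KOE/Oracle/Standalone/TestEnv/abc.xyz.com|1521|orcl/isVaultEnabled": "1",
}

# Constructed instances as (monitor type, environment, instance key).
INSTANCES = [
    ("Standalone", "TestEnv", "abc.xyz.com|1521|orcl"),  # instance level wins
    ("Standalone", "TestEnv", "def.xyz.com|1521|orcl"),  # environment level wins
    ("RAC", "ProdEnv", "abc.xyz.com|1521|orcl"),         # falls back to global
    ("Listener", "ProdEnv", "abc.xyz.com"),              # Listener key is host only
]

if __name__ == "__main__":
    for inst in INSTANCES:
        enabled, source = effective_vault_setting(SAMPLE, *inst)
        print(inst, "enabled" if enabled else "disabled", "from", source)
```

Running the audit before a migration shows which instances are overridden to disabled at a more specific level even though the global variable is set to "1".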

If you are using a vault to access the password in BMC Helix Operations Management, enter the query string in the Password and Confirm password fields.

Migrating from the existing Oracle authentication process to use vault

Ensure you have enabled the PATROL configuration (pconfig) variables required for vault support. For more information, see Enabling vault access.

  1. Edit the monitoring policy created for Oracle Enterprise Database.
  2. Locate the credentials fields and replace the user password with the vault query string in the Password and Confirm password fields.
  3. Save the policy.

 
