3.7. Static vaults
This chapter describes how to create and manage static accounts. The following topics are covered:
3.7.1. Manage static vaults
The static vaults page allows you to create and view static vaults. These vaults can be used to store credentials that PxM isn’t able to manage directly, including passwords, SSH keys and API tokens. This may be because they exist on an Active Directory service or device that is unreachable to PxM, or because PxM does not have the privilege to audit or manage them.
You do not have to create a static vault for each Active Directory service or device, but it does make it easier to manage deployments that contain static accounts from multiple sources.
All accounts created in a static vault will be set to a state of Known.
The process for creating and using static vaults is as follows:
- Create a static vault service.
- Add the desired accounts to the static vault.
- Provision a device using a template that uses a Static vault account source.
- Select the static vault.
- Select a control account. The accounts listed are those that exist in the selected static vault.
- You can now create a profile to give users access to the device.
3.7.2. Adding a static vault service
To add a new static vault:
In the left-hand menu, click on the New static vault icon next to Static vaults. The New static vault window will open within the Manage static vaults window.
Within the New static vault window, enter a name for the service which will hold the accounts.
The Authentication Service Provision task is run and can be seen in the System queue.
3.7.3. Static vaults detail page
To view a vault’s detail page, click on the name of a static vault. A new tab will open with the vault’s detail page.
The following administrative tasks can be carried out for a static vault on the details page:
|Name||Change the name you reference your static vault within PxM.|
|Create account||Creates an account in the static vault.|
3.7.4. Creating an account in the static vault
Once the static vault Account source has been created, the next step is adding an account to the static vault. This process simply stores the account name and credentials in the PxM static vault.
To add the account:
Within the Manage static vaults page, click on static vault you want to add the account to.
On the Static vault detail page, click the Create account button.
Within the Create static account window, fill in the following details:
Field Name Description Static vault Greyed out so cannot be amended. Displays the static vault the account will be created in. Username Enter the account username. If a domain is required, enter it in the format displayed. Password Enter the account password or API token. Password again Re-enter the account password. SSH private key Click the icon to upload your SSH private key. SSH key passphrase If necessary, type an SSH key passphrase.
Accounts created can be used as both management and access accounts for devices provisioned against the static vault.
If a Static vault template for a particular device is not available in the latest template library, please email email@example.com and we will be happy to assist.
3.7.5. Deleting a static vault
Deleting a static vault permanently removes the static vault from PxM.
Any devices using the static vault must be unprovisioned before the static vault is deleted.
To delete a static vault:
In the left-hand menu, click on Static vaults.
On the Manage static vaults page, right-click on the static vault to be deleted and select Delete from the context menu.
Within the Question window, click Yes, if you are sure you want to delete the service from PxM.
The static vault and all accounts created within the store will be removed from PxM.