7.6. Static vaults

This chapter describes how to create and manage static accounts. The following topics are covered:

7.6.1. Manage static vaults

The static vaults page allows you to create and view static vaults. These vaults can be used to store credentials that PxM isn’t able to manage directly, including passwords, SSH keys and API tokens. This may be because they exist on an Active Directory service or device that is unreachable to PxM, or because PxM does not have the privilege to audit or manage them.

You do not have to create a static vault for each Active Directory service or device, but it does make it easier to manage deployments that contain static accounts from multiple sources.

All accounts created in a static vault will be set to a state of Known.

The process for creating and using static vaults is as follows:

  1. Create a static vault service.
  2. Add the desired accounts to the static vault.
  3. Provision a device using a template that uses a Static vault authentication service.
    • Select the static vault.
    • Select a control account. The accounts listed are those that exist in the selected static vault.
  4. You can now create a profile to give users access to the device.

7.6.2. Adding a static vault service

To add a new static vault:

  1. In the left-hand menu, click on the Plus iconNew static vault icon next to Static vaults. The New static vault window will open within the Manage static vaults window.

  2. Within the New static vault window, enter a name for the service which will hold the accounts.

    WebUI New Static vault name window

  3. Click Save.

    The Authentication Service Provision task is run and can be seen in the System queue.

    WebUI Manage static vaults

7.6.3. Static vaults detail page

To view a vault’s detail page, click on the name of a static vault. A new tab will open with the vault’s detail page.

WebUI Static Vaults detail page

The following administrative tasks can be carried out for a static vault on the details page:

Field Name Description
Name Change the name you reference your static vault within PxM.
Plus icon Create account Creates an account in the static vault.

7.6.4. Creating an account in the static vault

Once the static vault Authentication service has been created, the next step is adding an account to the static vault. This process simply stores the account name and credentials in the PxM static vault.

To add the account:

  1. Within the Manage static vaults page, click on static vault you want to add the account to.

  2. On the Static vault detail page, click the Plus iconCreate account button.

  3. Within the Create static account window, fill in the following details:

    WebUI Static Vault Create Static Account windows

    Field Name Description
    Static vault Greyed out so cannot be amended. Displays the static vault the account will be created in.
    Username Enter the account username. If a domain is required, enter it in the format displayed.
    Password Enter the account password or API token.
    Password again Re-enter the account password.
    SSH private key Click the icon to upload your SSH private key.
    SSH key passphrase If necessary, type an SSH key passphrase.
  4. Click Create.

    Accounts created can be used as both management and access accounts for devices provisioned against the static vault.

    If a Static vault template for a particular device is not available in the latest template library, please email support@osirium.com and we will be happy to assist.

7.6.5. Deleting a static vault

Deleting a static vault permanently removes the static vault from PxM.

Note

Any devices using the static vault must be unprovisioned before the static vault is deleted.

To delete a static vault:

  1. In the left-hand menu, click on Static vaults.

  2. On the Manage static vaults page, right-click on the static vault to be deleted and select Delete iconDelete from the context menu.

  3. Within the Question window, click Yes, if you are sure you want to delete the service from PxM.

    WebUI Confirm delete service question

    The static vault and all accounts created within the store will be removed from PxM.