Skip to content

Managing static vaults

This section describes how to create and manage static accounts. The following topics are covered:

Manage static vaults

The Static vaults page allows you to create and view Static vaults. These vaults can be used to store credentials that Osirium PAM isn't able to manage directly, including passwords, SSH keys and API tokens. This may be because they exist on an Active Directory service or device that is unreachable to Osirium PAM, or because Osirium PAM does not have the privilege to audit or manage them.

You do not have to create a static vault for each Active Directory service or device, but it does make it easier to manage deployments that contain static accounts from multiple sources.

All accounts created in a static vault will be set to a state of Known.

The process for creating and using Static vaults is as follows:

  1. Create a static vault service.

  2. Add the desired accounts to the static vault.

  3. Provision a device using a template that uses a Static vault account source.

    • Select the static vault.
    • Select a control account. The accounts listed are those that exist in the selected static vault.
  4. You can now create a profile to give users access to the device.

Adding a static vault service

To add a new static vault:

  1. On the Manage static vaults page, click on the Plus icon NEW STATIC VAULT button. The New static vault window will open.

  2. Within the New static vault window, enter a name for the service which will hold the accounts.

    New static vault

  3. Click SAVE. The Authentication Service Provision task is run and can be seen in the System queue.

    Manage static vaults

Static vaults detail page

To view a vault's detail page, click on the name of a static vault.

Static Vaults detail page

The following administrative tasks can be carried out for a static vault on the details page:

Field Name Description
Name Change the name you reference your static vault within Osirium PAM.
Plus icon CREATE ACCOUNT Creates an account in the static vault.

Creating an account in the static vault

Once the static vault has been created, the next step is adding an account to the static vault. This process simply stores the account name and credentials in the Osirium PAM static vault.

To add the account:

  1. Within the Manage static vaults page, click on static vault you want to add the account to.

  2. On the Static vault detail page, click the Plus icon CREATE ACCOUNT button.

  3. Within the Create static account window, fill in the following details:

    Create static account

    Field Name Description
    Static vault Greyed out so cannot be amended. Displays the static vault the account will be created in.
    Username Enter the account username. If a domain is required, enter it in the format displayed.
    Password Enter the account password or API token.
    Password again Re-enter the account password.
    SSH private key Click the icon to upload your SSH private key.
    SSH key passphrase If necessary, type an SSH key passphrase.
  4. Click CREATE.

    Accounts created can be used as both management and access accounts for devices provisioned against the static vault.

    If a Static vault template for a particular device is not available in the latest template library, please contact Osirium.

Deleting a static vault

Deleting a static vault permanently removes the static vault from Osirium PAM.

Note

Any devices using the static vault must be unprovisioned before the static vault is deleted.

To delete a static vault:

  1. On the Manage static vaults page, right-click on the static vault to be deleted and select the Delete icon Delete from the context menu.

  2. Within the Question window, click YES, if you are sure you want to delete the service from Osirium PAM.

    Confirm deletion

    The static vault and all accounts created within the store will be removed from Osirium PAM.