Managing static vaults
This section describes how to create and manage static accounts. The following topics are covered:
- Manage static vaults
- Adding a static vault Service
- Static vaults detail page
- Creating an account in the static vault
- Deleting a static vault
Manage static vaults
The Static vaults page allows you to create and view Static vaults. These vaults can be used to store credentials that Osirium PAM isn't able to manage directly, including passwords, SSH keys and API tokens. This may be because they exist on an Active Directory service or device that is unreachable to Osirium PAM, or because Osirium PAM does not have the privilege to audit or manage them.
You do not have to create a static vault for each Active Directory service or device, but it does make it easier to manage deployments that contain static accounts from multiple sources.
All accounts created in a static vault will be set to a state of Known.
The process for creating and using Static vaults is as follows:
Create a static vault service.
Add the desired accounts to the static vault.
Provision a device using a template that uses a Static vault account source.
- Select the static vault.
- Select a control account. The accounts listed are those that exist in the selected static vault.
You can now create a profile to give users access to the device.
Adding a static vault service
To add a new static vault:
In the left-hand menu, click on the
NEW STATIC VAULTicon next to Static vaults. The New static vault window will open within the Manage static vaults window.
Within the New static vault window, enter a name for the service which will hold the accounts.
SAVE. The Authentication Service Provision task is run and can be seen in the System queue.
Static vaults detail page
To view a vault's detail page, click on the name of a static vault. A new tab will open with the vault's detail page.
The following administrative tasks can be carried out for a static vault on the details page:
|Name||Change the name you reference your static vault within Osirium PAM.|
|CREATE ACCOUNT||Creates an account in the static vault.|
Creating an account in the static vault
Once the static vault has been created, the next step is adding an account to the static vault. This process simply stores the account name and credentials in the Osirium PAM static vault.
To add the account:
Within the Manage static vaults page, click on static vault you want to add the account to.
On the Static vault detail page, click the
Within the Create static account window, fill in the following details:
Field Name Description Static vault Greyed out so cannot be amended. Displays the static vault the account will be created in. Username Enter the account username. If a domain is required, enter it in the format displayed. Password Enter the account password or API token. Password again Re-enter the account password. SSH private key Click the icon to upload your SSH private key. SSH key passphrase If necessary, type an SSH key passphrase.
Accounts created can be used as both management and access accounts for devices provisioned against the static vault.
If a Static vault template for a particular device is not available in the latest template library, please contact Osirium Ltd.
Deleting a static vault
Deleting a static vault permanently removes the static vault from Osirium PAM.
Any devices using the static vault must be unprovisioned before the static vault is deleted.
To delete a static vault:
In the left-hand menu, click on
On the Manage static vaults page, right-click on the static vault to be deleted and select the
Deletefrom the context menu.
Within the Question window, click
YES, if you are sure you want to delete the service from Osirium PAM.
The static vault and all accounts created within the store will be removed from Osirium PAM.