Vault Servers

Overview

In TOS Aurora, you can maintain a list of CyberArk vault servers that can be used in place of defining credentials for individual devices. After TOS Aurora establishes the connection with the vault server, access to the device is authenticated using this connection. This includes actions like revision retrieval, dynamic topology, and provisioning. You can specify authentication of a device by a vault server for:

Prerequisites

Before you configure devices in SecureTrack to use the CyberArk vault server, do the following:

  • Verify that you defined an application in CyberArk and that you input the Certificate Serial Number in the Authentication tab.

  • Generate a certificate with a private key that enables SSL mutual authentication. This file has a .p12 extension and is required when adding a vault server to SecureTrack.
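The .p12 file can be checked against these prerequisites before it is uploaded. The script below is an added example, not Tufin or CyberArk code. It assumes the OpenSSL CLI is installed and that the serial number entered in CyberArk is that of the client certificate inside the .p12; the function names and the P12_PASS variable are hypothetical.

```shell
#!/bin/sh
# Added example: pre-upload checks on the client .p12 (hypothetical helper names).
# The passphrase is read from the P12_PASS environment variable so that it does
# not appear in the process list or in shell history.
# Usage: P12_PASS='...' check_p12 client.p12 <serial-registered-in-CyberArk>

# Print the client certificate's serial number as hex, without "serial=".
p12_serial() {
    openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -serial 2>/dev/null | sed 's/^serial=//'
}

# Succeed only if the bundle holds a private key that matches the certificate.
p12_key_matches() {
    cert_pub=$(openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -nodes 2>/dev/null |
        openssl pkey -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeed only if the certificate has not yet expired.
p12_not_expired() {
    openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -checkend 0 >/dev/null 2>&1
}

# check_p12 FILE EXPECTED_SERIAL
# Returns 0 when all checks pass; 2-5 identify the first check that failed.
check_p12() {
    actual=$(p12_serial "$1" | tr 'a-f' 'A-F')
    # Normalise the expected value: drop colons/spaces, compare in upper case.
    expected=$(printf '%s' "$2" | tr -d ': ' | tr 'a-f' 'A-F')
    [ -n "$actual" ] || { echo "cannot read certificate (wrong password or file?)"; return 2; }
    [ "$actual" = "$expected" ] || { echo "serial mismatch: file has $actual"; return 3; }
    p12_key_matches "$1" || { echo "no private key matching the certificate"; return 4; }
    p12_not_expired "$1" || { echo "certificate has expired"; return 5; }
    echo "ok: serial $actual, key matches certificate, not expired"
}
```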

What Can I Do Here?

Add a Vault Server

  1. Click Add New Vault Server.

  2. Complete the required fields.

    • Name: Name of the vault server.

    • URL: Web address of the vault server.

    • Port: Port to access the vault server.

    • Application ID: ID of the application defined on the vault server.

    • Description: Type a description for the vault server.

    • Client Certificate: Certificate generated from the vault server. The file has a .p12 extension and contains a private key that SecureTrack uses to access the vault server.

    • Password: Certificate's password that is used to decrypt the .p12 file.

    • Retrieve Server Certificate: Click to download the server's public certificate. This certificate is stored in SecureTrack and enables full connectivity between SecureTrack and the vault server.

  3. Click Create.

Edit a Vault Server

  1. Click and select Edit vault server.

  2. Change the required fields.

  3. Click Save.

Duplicate a Vault Server

  1. Click and select Duplicate vault server.

  2. Change the required fields.

  3. Click Create.

Delete a Vault Server

  1. Click and select Delete vault server.

  2. At the prompt, click Yes.

How Do I Get Here?

In SecureTrack, go to Admin > External Authentication > Vault Servers.