...
- If the task specifies Credentials, the Agent uses those Credentials.
- If the task does not specify Credentials, the Agent uses the Credentials specified in its Agent Details record.
- If the Agent Details does not specify Credentials, the Agent uses the Credentials used to install the Agent.
...
- Apply maintenance to a pre-6.4.x release of Universal Controller to increase it to a 7.25.x release.
- Perform a bulk import or list import from a pre-6.4.x release of Universal Controller to a 7.25.x release.
- Promote from a pre-6.4.x release of Universal Controller to a 7.25.x release.
Under the following circumstance, conversion from the new encryption to the old encryption will be automatic.
- Promote from a 7.25.x release of Universal Controller to a compatible pre-6.4.x release. However, any attempt to promote a Resolvable Credential from a 7.25.x release of Universal Controller to a compatible pre-6.4.x release will fail.
Pre-6.4.0.0 releases cannot decrypt anything encrypted by a 7.25.x release, with the exception of promotion (noted above), which is fully backwards compatible.
...
- Any attempt to List Import or Bulk Import XML (containing a password encrypted by a 7.25.x release) into a pre-6.4.0.0 release will result in an encrypted value that cannot be decrypted by the pre-6.4.0.0 release.
- Any encrypted passwords within the Universal Controller Start-up Properties will be re-encrypted using the new algorithm when the 7.25.x Controller initializes at start-up. Once converted, that Universal Controller Start-up Properties will no longer be compatible with a pre-6.4.0.0 release.
...
Field Name | Description |
---|---|
Details | This section contains detailed information about the credential. |
Name | |
Version | System-supplied; version number of the current record, which is incremented by Universal Controller every time a user updates a record. Click on the Versions tab to view previous versions. For details, see Record Versioning. |
Description | |
Member of Business Services | |
 | Type of Credential. |
Provider | Specifies Provider. Options: Default is Universal Controller. |
Provider Parameters | When switching the Provider option, the default Provider Parameters for each provider will be populated. When switching to the Universal Controller provider, the Provider Parameters will not be displayed. |
Runtime User | |
Runtime Password | |
Key Location | |
Passphrase | |
Token | |
Metadata | This section contains Metadata information about this record. |
UUID | Universally Unique Identifier of this record. |
Updated By | Name of the user that last updated this record. |
Updated | Date and time that this record was last updated. |
Created By | Name of the user that created this record. |
Created | Date and time that this record was created. |
Buttons | This section identifies the buttons displayed above and below the Credential Details that let you perform various actions. |
Save | Saves a new Credential record in the Controller database. |
Save & New | Saves a new record in the Controller database and redisplays empty Details so that you can create another new record. |
Save & View | Saves a new record in the Controller database and continues to display that record. |
New | Displays empty (except for default values) Details for creating a new record. |
Update | |
Test Provider | For providers other than Universal Controller, the Test Provider button is available for validating the configured Provider Parameters. |
Convert... | Allows you to convert the current Credential Type to a new type and define a new password for the Credential (see Converting Credential Types). |
Delete | |
Refresh | Refreshes any dynamic data displayed in the Details. |
Close | For pop-up view only; closes the pop-up view of this credential. |
Tabs | This section identifies the tabs across the top of the Credential Details that provide access to additional information about the credential. |
Provider Parameters
When switching the Provider option, the default Provider Parameters for each provider will be populated.
...
If a provider parameter is sensitive, value input will be masked in the client, and encrypted in the database. When viewing existing credentials, sensitive provider parameter values are never sent to the client.
AWS Secrets Manager
Provider Parameter | Required | Description |
---|---|---|
ACCESS_KEY_ID | true | The AWS access key, used to identify the user interacting with AWS. |
SECRET_ACCESS_KEY | true | The AWS secret access key, used to authenticate the user interacting with AWS. |
REGION | true | The region name (e.g., us-east-1). |
SECRET_ID | true | The ARN or name of the secret to retrieve. |
SECRET_PASSWORD_KEY | false | If this secret was created by using the console, then Secrets Manager stores the information as a JSON structure of key/value pairs. Specifies the key for the password in the JSON structure. |
SECRET_PASSPHRASE_KEY | false | Specifies the key for the passphrase in the JSON structure. |
SECRET_TOKEN_KEY | false | Specifies the key for the token in the JSON structure. |
CACHE_TTL | false | The TTL (Time To Live), in seconds, for the cached secret before a new request to the provider is made. (default 3600 seconds / 1 hour) |
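The SECRET_*_KEY lookup and CACHE_TTL behaviour from the table above, as an added illustration that is not Universal Controller code: `fetch` is a hypothetical stand-in for the provider request, the secret contents are constructed, and returning the whole string when no key is set is an assumption. It shows that a secret rotated at the provider keeps being served from the cache until the TTL elapses.

```python
import json
import time

class CachedSecretResolver:
    """Illustration only: one cached provider fetch, then a JSON key lookup per field."""
    def __init__(self, fetch, params, clock=time.monotonic):
        self.fetch = fetch      # hypothetical stand-in for the provider request
        self.params = params    # Provider Parameters, named as in the table above
        self.clock = clock
        self.ttl = int(params.get("CACHE_TTL", 3600))  # AWS default on this page
        self._cached, self._expires = None, 0.0

    def _secret_string(self):
        now = self.clock()
        if self._cached is None or now >= self._expires:
            self._cached = self.fetch(self.params["SECRET_ID"])
            self._expires = now + self.ttl
        return self._cached

    def resolve(self, field):  # field: 'PASSWORD', 'PASSPHRASE' or 'TOKEN'
        raw = self._secret_string()
        key = self.params.get(f"SECRET_{field}_KEY")
        if key is None:
            return raw          # assumption: with no key, the whole string is the value
        try:
            doc = json.loads(raw)
        except json.JSONDecodeError:
            raise ValueError(f"SECRET_{field}_KEY set but secret is not JSON") from None
        if not isinstance(doc, dict) or key not in doc:
            raise KeyError(f"key {key!r} not in secret JSON")
        return doc[key]

def demo():
    """Constructed scenario: the secret is rotated at the provider while cached."""
    store = {"prod/db": json.dumps({"password": "old-pw", "token": "t-1"})}
    calls, now = [], [0.0]
    def fetch(secret_id):
        calls.append(secret_id)
        return store[secret_id]
    params = {"SECRET_ID": "prod/db", "SECRET_PASSWORD_KEY": "password",
              "SECRET_TOKEN_KEY": "token", "CACHE_TTL": "60"}
    r = CachedSecretResolver(fetch, params, clock=lambda: now[0])
    first = r.resolve("PASSWORD")
    store["prod/db"] = json.dumps({"password": "new-pw", "token": "t-2"})  # rotation
    now[0] = 59.0
    stale = r.resolve("PASSWORD")   # still the cached pre-rotation value
    now[0] = 60.0
    fresh = r.resolve("PASSWORD")   # TTL elapsed: provider is asked again
    return first, stale, fresh, r.resolve("TOKEN"), len(calls)
```

With the page's 3600-second default, the window in which a rotated or revoked secret is still handed out is up to an hour, so CACHE_TTL should be set with the rotation schedule in mind.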
Azure Key Vault
Provider Parameter | Required | Description |
---|---|---|
KEY_VAULT_NAME | true | The name of the Key Vault used to build the vault URL to send HTTP requests to. |
SECRET_NAME | true | The name of the secret. |
CLIENT_ID | true | The client (application) ID. |
TENANT_ID | true | The Azure Active Directory tenant (directory) ID. |
CLIENT_SECRET | | The client secret used to authenticate. |
CLIENT_ASSERTION | | The client assertion used to authenticate. |
PEM_CERTIFICATE | | The path of the PEM certificate used for authenticating. |
PFX_CERTIFICATE | | The path of the PFX certificate used for authenticating. |
PFX_CERTIFICATE_PASSWORD | | The password for the PFX certificate. |
CACHE_TTL | false | The TTL (Time To Live), in seconds, for the cached secret before a new request to the provider is made. (default 28800 seconds / 8 hours) |
CyberArk Credential Provider
Provider Parameter | Required | Description |
---|---|---|
APPLICATION_ID | true | The unique ID of the application issuing the password request. |
SAFE | true | The name of the Safe where the password is stored. |
FOLDER | true | The name of the folder where the password is stored. |
OBJECT | true | The name of the password object to retrieve. |
REASON | false | The reason for retrieving the password. |
CACHE_TTL | false | The TTL (Time To Live), in seconds, for the cached secret before a new request to the provider is made. (default 5 seconds) |
CyberArk Central Credential Provider
Provider Parameter | Required | Description |
---|---|---|
HOST | true | The hostname of the Central Credential Provider. |
PORT | true | The port of the Central Credential Provider. |
APPLICATION_ID | true | The unique ID of the application issuing the password request. |
SAFE | true | The name of the Safe where the password is stored. |
FOLDER | true | The name of the folder where the password is stored. |
OBJECT | true | The name of the password object to retrieve. |
KEYSTORE | true | The path of the keystore containing the client certificate used for authenticating. |
KEYSTORE_PASSWORD | false | The password used to unlock the keystore. |
KEYSTORE_TYPE | false | The type of keystore. (default PKCS12) |
KEYSTORE_ALIAS | false | The name of a specific entry in the keystore to use. |
CACHE_TTL | false | The TTL (Time To Live), in seconds, for the cached secret before a new request to the provider is made. (default 5 seconds) |
Deleting a Credential
You cannot delete a Credential if any references exist for the Credential.
...