Viewing password archive
The Asset Administrator can access a previous password for an account for a specific date.
The Password Archive dialog only displays previously assigned passwords for the selected asset based on the date specified. This dialog does not display the current password for the asset. The password archive is never purged.
You view an account's password validation and reset history on the Check and Change Log tab.
To access an account's previous password
- Navigate to Asset Management > Accounts.
- Select an account and click Password Archive.
-
In the Password Archive dialog, select a date. If you select today's date (or a previous date) and no entries are returned, this indicates that the asset is still using the current password.
- In the View column, click to display the password that was assigned to the asset at that given date and time.
- In the details dialog, click Copy to copy the password to your copy buffer.
Checking, changing, or setting an SSH key
The Asset Administrator can manually check, change, or set an SSH key from the Account Security menu.
To manually check, change, or set an SSH key
- Navigate to Asset Management > Accounts.
- In Accounts, select an account from the object list.
- Click Account Security from the toolbar.
Select one of these option.
- Check SSH Key to verify the account SSH key is in sync with the Safeguard for Privileged Passwords database. If the SSH key verification fails, you can change it.
- Change SSH Key to reset and synchronize the SSH key with the Safeguard for Privileged Passwords database. For service accounts, use this selection and do not use Generate SSH Key to change the SSH key.
- Set SSH Key to set the SSH key in the Safeguard for Privileged Passwords database. The Set SSH Key option does not change the account SSH key on the asset. The Set SSH Key option provides the following options.
-
Import an SSH Key: Import a private key file for an SSH key that has been generated outside of Safeguard for Privileged Passwords and assign it to the account. Click Browse to import the key file, enter a Password, then click OK.
When importing an SSH key that has already been manually configured for an account on an asset, it is recommended that you first verify that the key has been correctly configured before importing the key. For example, you can run an SSH client program to check that the private key can be used to login to the asset: ssh -i <privatekeyfile> -l <accountname> <assetIp>. Refer to the OpenSSH server documentation for the target platform for more details on how to configure an authorized key.
NOTE:Safeguard for Privileged Passwords does not currently manage the options for an authorized key. If an imported key has any options configured in the authorized keys file on the asset, these options will not be preserved when the key is rotated by Safeguard for Privileged Passwords.
- Deploy SSH Key: If not already configured, install the account's current SSH key on the asset in the correct file for the account.
Viewing SSH key archive
The Asset Administrator can access a previous SSH key for an account for a specific date.
The SSH Key Archive dialog only displays previously assigned SSH keys for the selected asset based on the date specified. This dialog does not display the current SSH key for the asset. The SSH key archive is never purged.
You view an account's SSH key validation and reset history on the Check and Change Log tab.
To access an account's previous SSH key
- Navigate to Asset Management > Accounts.
- Select an account name and click SSH Key Archive.
-
In the SSH Key Archive dialog, select a date. If you select today's date (or a previous date) and no entries are returned, this indicates that the asset is still using the current SSH key.
- In the View column, click to display the SSH key that was assigned to the asset at that given date and time.
- In the details dialog, click Copy to copy the SSH key to your copy buffer, or click OK to close the dialog.
Checking, changing, or setting an API key
The Asset Administrator can manually check, change, or set an API key associated with Azure AD and AWS connectors from the Account Security menu.
To manually check, change, or set an API key
- Navigate to Asset Management > Accounts.
- In Accounts, select an account from the object list.
- Click Account Security from the toolbar.
- Select Manage API Keys.
-
Click Account Security from the toolbar and select one of these option:
-
Check API Key to verify the API key is in sync with the Safeguard for Privileged Passwords database. If the API key verification fails, you can change it.
-
Change API key to reset and synchronize the API key with the Safeguard for Privileged Passwords database.
-
Set API Key Secret to set the API key secret in the Safeguard for Privileged Passwords database. This option does not change the API key information on the platform. The following options may appear depending on the type of platform:
-
Client Identifier: Copy the client identifier from the platform and add it to this field.
-
Client Secret: Copy the client secret from the platform and add it to the field. Once configured, click Copy to put it into your copy buffer. You can then log in to your device, using the old client secret, and change it to the client secret in your copy buffer.
-
Client Secret Identifier (Azure AD only): Copy the client secret identifier from the platform and add it to the field. If the identifier doesn't match, when you attempt to change the API key for the Azure AD platform it will create a new one with the identifier set in Safeguard for Safeguard for Privileged Passwords.
-
Set Client Secret: Click this button to save the configuration.
-
API Key Archive to view the API Key archive. For more information, see Viewing API Key Archive.