14.2 Configuring Shared Keys

You can configure shared keys by assigning the key value to a specific key domain. A key domain stores key values of the same type together as a group.

When you configure shared keys in a key domain, only privileged users can access those keys, and they do so by checking out the keys. These users can check out the shared key along with the fields that are configured with the shared key. There is no time limit for using the shared key.

You can use the policy template to create rules for the checkout of SSH, Windows, and VMWare keys. For more information about policy templates, refer to Section 5.0, Policy Templates. You cannot use the emergency access feature to request or grant access for using a shared key. To grant privileged users access to a shared key, you must create a rule for those users.

To configure shared keys, perform the following:

14.2.1 Creating Shared Key Domain

A key domain is not associated with any host or IP address. It is used for distinguishing different types of keys that have different specifications. Hence, this domain is not added as an account domain but as a shared key domain of Privileged Account Manager. For more information about shared key domains, refer to Shared Key Domain.

To create a key domain for keys that have the same type of values and include the same type of fields, perform the following:

  1. On the home page of the Administration console, click Enterprise Credential Vault.

  2. In the left pane, click Shared Key Management.

  3. In the middle pane, click Add.

  4. In the right pane, specify the following:

    • Name: Specify a unique name for the domain. It is recommended to use a name that clearly represents the purpose of the keys that are stored in the domain.

    • Type: Select the type of domain based on the type of keys that you will add in the domain. For example, if you want to create a domain for keys that will include a private key and passphrase, select Type as SSH Key.

      Select Custom Key if you do not want to use the available domain types. Also, specify the name for the type of the domain.

      NOTE: After adding a key domain, you cannot modify the type of domain.

    • Multiuser: Click this option if you want to give multiple users access to the keys that are included in this key domain.

    • (Conditional) If you select the type as Custom Key, you can create a command for the custom key by clicking Create Command for Custom Key. The name of the command will be the same as the name specified for the type of the domain.

      NOTE: The commands for SSH, Windows, and VMWare keys are created by default.

    • (Conditional) If you want to add additional fields for the keys, then click Add Row and specify the details.

      These additional fields are also displayed during the checkout of a key.

  5. Click Add.

14.2.2 Adding Shared Keys

You can add any required number of keys to a key domain. Any user who is authorized to view the keys in a specific domain can check out the keys.

To add a shared key, perform the following:

  1. On the Enterprise Credential Vault page, click Shared Key Management.

  2. In the middle pane, click the required key domain.

    The right pane displays the details of the domain with the list of keys that are added to the domain.

  3. Click the Add Key icon.

  4. In the right pane, specify the name of the key and its value.

    If Multiuser is selected for the domain, limit the number of users who can use the key by specifying a numerical value in the Maximum Usage field.