Utility for key vault and database authentication configuration
This interactive utility helps the user to change the key vault and database authentication configurations.
User will execute this utility using the JRE that is being used by the control room, in the installation directory C:\Program Files\Automation Anywhere\Enterprise.
To download the jar file that will be used, please open a browser and proceed to A-People Downloads page (Login required).
Full path of the configuration directory.
-actionSelect from the following:
This allows for the mapping to an external key, based on these three options:
Connect to AWS Secret Manager.
Connect to CyberArk.
Disable external key vault.
Configure SQL authentication settings.
Change to Windows authentication.
To change to SQL authentication where user provides username and password.
To change to SQL authentication using external key vault.
> jdk11\bin\java --module-path .\lib\ -jar crutils.jar -configPath <Full path of the config directory> -action <UPDATE_KEY_VAULT_CONFIGURATION/UPDATE_DB_AUTHENTICATION_CONFIGURATION>
Metrics for UPDATE_KEY_VAULT_CONFIGURATION
These are the metrics used by the UPDATE_KEY_VAULT_CONFIGURATION action.
- To change KEY_VAULT from one type of vault to another or to NONE, you must first manually set database and service account credentials that are currently being retrieved from the external key vault.
To change AWS to/from CYBERARK, user has to first change it to NONE.
- To change NONE from AWS/CYBERARK, database should not be connected on KEY_VAULT.
This utility will prompt the user to provide specific input information based on the options selected.
- Region →
- Region to get secrets from on AWS secret manager.
- Vault URL →
URL of the CyberArk password vault.
- Application ID →
The application identifier.
- Certificate Path →
Full path of the client certificate file.
- Passphrase →
Passphrase for the client certificate.
- Vault URL →
Note: Sometimes you will have to import a server certificate. Please follow these steps:In the directory: C:\Program Files\Automation Anywhere\Enterprise, execute the following:
> jdk11\bin\java -jar certmgr.jar -appDir . -importTrustCert <Full path of the certificate>
- Add these jvm arguments to the command for executing
-Djavax.net.ssl.trustStore="C:\Program Files\Automation Anywhere\Enterprise\pki\trust\store.ks"
> jdk11\bin\java -Djavax.net.ssl.trustStore="C:\Program Files\Automation Anywhere\Enterprise\pki\trust\store.ks" -Djavax.net.ssl.trustStorePassword=changeit --module-path lib -jar crutils.jar -configPath <Full path of the config directory> -action <UPDATE_KEY_VAULT_CONFIGURATION/UPDATE_DB_AUTHENTICATION_CONFIGURATION>
- If DB authentication is configured to use external key vault,
the utility will throw exception as:
Database currently configured to retrieve credentials from key vault. Update database authentication to WINDOWS/SQL to proceed further
- The utility might ask a confirmation to user:
Disable/update of key vault may impact functionalities using key vault (e.g. Active Directory configuration, Email Settings configuration). Make sure to update these settings (if any). Are you sure you want to continue?
- If DB authentication is configured to use external key vault, the utility will throw exception as:
- The utility will use the current logged-in user credential to connect to the DB provided during installation.
- KEY VAULT
- The utility will ask the user to provide input based on the key vault, and the connected control room.
Secret name → Name of the secret created on AWS secret manager of type database credentials or Plain Text with username and password as keys.
Safe name → Name of the safe which has the credential.
Object name → Name of the credential.
- NONEThe utility will send exception as
Key Vault configuration not found