Utility for key vault and database authentication configuration
This interactive utility helps the user to change the key vault and database authentication configurations.
User will execute this utility using the JRE that is being used by the control room, in the installation directory C:\Program Files\Automation Anywhere\Enterprise.
To download the jar file that will be used, open a browser and proceed to A-People Downloads page (Login required).
Full path of the configuration directory
-actionSelect from the following:
This allows for the mapping to an external key based on the following options:
Connect to AWS Secret Manager.
Connect to CyberArk.
Disable external key vault.
Configure SQL authentication settings.
Change to Windows authentication.
To change to SQL authentication where user provides username and password.
To change to SQL authentication using external key vault.
> jdk11\bin\java --module-path .\lib\ -jar crutils.jar -configPath <Full path of the config directory> -action <UPDATE_KEY_VAULT_CONFIGURATION/UPDATE_DB_AUTHENTICATION_CONFIGURATION>
Metrics for UPDATE_KEY_VAULT_CONFIGURATION
The metrics used by the UPDATE_KEY_VAULT_CONFIGURATION action are as follows:
- To change KEY_VAULT from one type of vault to another or to NONE, you must first manually set database and service account credentials that are currently being retrieved from the external key vault.
To change AWS to CYBERARK or the other way around, you must first change it to NONE.
- To change NONE from AWS/CYBERARK, database should not be connected on KEY_VAULT.
This utility will prompt the user to provide specific input information based on the options selected.
- Region →
- Region to get secrets from on AWS secret manager.
- Vault URL →
URL of the CyberArk password vault
- Application ID →
The application identifier
- Certificate Path →
Full path of the client certificate file
- Passphrase →
Passphrase for the client certificate
- Vault URL →
Note: Sometimes, you will have to import a server certificate. Perform the following steps in the C:\Program Files\Automation Anywhere\Enterprise directory:
- Enter the
> jdk11\bin\java -jar certmgr.jar -appDir . -importTrustCert <Full path of the certificate>
- Add the following jvm arguments to the command for
executing this utility.
-Djavax.net.ssl.trustStore="C:\Program Files\Automation Anywhere\Enterprise\pki\trust\store.ks"
> jdk11\bin\java -Djavax.net.ssl.trustStore="C:\Program Files\Automation Anywhere\Enterprise\pki\trust\store.ks" -Djavax.net.ssl.trustStorePassword=changeit --module-path lib -jar crutils.jar -configPath <Full path of the config directory> -action <UPDATE_KEY_VAULT_CONFIGURATION/UPDATE_DB_AUTHENTICATION_CONFIGURATION>
- Enter the following:
- If DB authentication is configured to use external key vault,
the utility throws the following exception:
Database currently configured to retrieve credentials from key vault. Update database authentication to WINDOWS/SQL to proceed further
- The utility might ask a confirmation to user:
Disable/update of key vault may impact functionalities using key vault (e.g. Active Directory configuration, Email Settings configuration). Make sure to update these settings (if any). Are you sure you want to continue?
- If DB authentication is configured to use external key vault, the utility throws the following exception:
- To connect to the DB provided during installation, the utility uses the credentials of the user currently logged in:
- KEY VAULT
- The utility asks the user to provide input based on the key vault and the connected control room.
Secret name → Name of the secret created on AWS secret manager of type database credentials or Plain Text with username and password as keys.
Safe name → Name of the safe which has the credential.
Object name → Name of the credential.
- NONEThe utility sends the following exception and exit:
Key Vault configuration not found