On-Premises post-installation using HashiCorp Vault

You use the command-line interactive key vault utility during a scheduled system downtime where you must stop all running Control Room services. You should coordinate with the HashiCorp administrative team for any key vault configuration changes that might impact connectivity parameters (such as App ID, vault URL, port numbers, and certificate) during downtimes.

Prerequisites

Note: If you use the key vault utility to disable HashiCorp Vault integration, you must first unmap any mapped credentials that are in use.

Using the post-installation method, you can perform these actions:

Modify or configure the external key vault connection parameters.
(If not configured during initial installation) Modify or configure the service account credential (Active Directory master password).
(If not configured during initial installation) Modify or configure the database (bootstrap) credential identifier (retrieved when authenticating the database).
Note: Retrieving bootstrap credentials from an external key vault might cause the Control Room to fail if the external key vault is not accessible during boot-up; or if the external key vault is not accessible when the Control Room refreshes database connections and authenticates users with Active Directory.
Recover the Control Room for these reasons:
- If the external key vault connection parameters, the service account, and database credential safe and object identifiers were modified.
- If the HashiCorp Vault connection parameters changes caused the Control Room to experience connectivity issues.
- If credential identifiers for bootstrap passwords changed.
  You can update any initial configuration settings that were not set correctly and recover the system.
Note:
You can configure and edit SMTP and AD credential identifiers to retrieve information from the external key vault from the Automation 360 Control Room by navigating to Administration > Settings > Email and Administration > Settings > Active Directory.

Procedure

Automation 360

On-Premises post-installation using HashiCorp Vault