Create locker

Create a locker to group similar credentials to share with other users.

Prerequisites

You must either have the AAE_Locker Admin role or Manage my credentials and lockers permission and the necessary permission to View Users and Roles.

Note: You must have the View Users and Roles basic information permission to view information about other users to add them as locker owners/Managers/participants. Without this permission, an "Access denied" error will occur.

See RBAC for Credential Vault credentials management

There is no limit on the number of credentials that can be stored in a locker. A credential can only belong to one locker. See Create credential. Credentials are further divided in logical groups called lockers.

Procedure

To create a locker, follow these steps:

Navigate to Manage > Credentials, and then click the Lockers tab.
Click Create locker.
Enter the Name.
Optional: Enter a description.
Select the Credentials to add to the locker or select External key vault.
Enter External key vault credentials.
If integrating with an external key vault, such as AWS, Azure, or CyberArk, enter the required credentials for the specified external locker:

AWS

Enter the prefix of secrets stored in the locker.

CyberArk

Enter the safe name where the credential lockers are stored.

Azure

Enter the prefix stored in the locker.
Click Next.
Add the Owners.
A locker must have at least one owner. The locker owner can edit, view, and delete a locker and also add or remove other owners.
Click Next.
Optional: Add the Managers and click Next.
The locker manager can view, edit and delete the locker, and add participants but cannot add owners or managers to the locker.
Optional: Add the Participants and click Next.
A locker participant has access to view a locker and add their own credentials to a locker.
Note: A locker participant does not have access to or visibility of credentials created by other users.

Add the Consumers.

Select one or more roles. Users with these roles have access to the locker. System-created roles are not shown in the Consumers list.

Type	Permission
Standard	Locker consumers can view the locker and all the credentials inside the locker. All consumers see the same credential value set by the credential owner.
User-provided	Locker consumers can input their information in user-provided credentials with user-provided attributes.

Click Create locker.

If the email notification setting is enabled, users receive an email confirming the locker name and their permissions to that locker.

Automation 360