Add Databases to Password Safe

There are two ways to discover and manage database instances:

  • Auto Discover using a scan template, and then auto-manage using a smart group. Use this method for SQL Server and Oracle.
  • Manually add and manage databases. Use this method for MongoDB, MySQL, Sybase ASE, and Teradata.

Auto Discover and Manage Database Instances

The following scan templates include database instance data in the scan results:

  • All Audit Scan
  • Asset Report Scan

After you run a scan, the assets are displayed on the Assets page. At this point, you can create a Smart Rule to manage the database instances.

  1. Select Configuration > General > Smart Rules.
  2. Click Create Smart Rule.

Screenshot showing filters for Smart Rule for adding databases to Password Safe management

  1. Select or create a new category and provide a name and description for the smart group.
  2. For selection criteria, select Address Group, and then select the group that includes the database instances.
  3. Add another condition, select Host Database Instance, and then select the database types.
  4. For the actions, select Show asset as Smart Group.
  5. Add more actions of Manage Assets using Password Safe, and then select the platforms, account name formats, functional accounts, and other desired settings, ensuring to use the default port numbers for the databases:
    • Oracle: 1521
    • SQL Server: 1433
  6. Click Create Smart Rule.

Manually Add Database Instances

You can manually add the following database instance types. When selecting the database platform, ensure the correct port number is displayed.

  • Mongo: 27017
  • SQL Server: 1433
  • MySQL: 3306
  • Oracle: 1521
  • PostgreSQL: 5432
  • Sybase ASE: 5000
  • Teradata: 1025

Manually Add Databases to Assets Managed by Password Safe

  1. From the menu, select Assets.
  2. Select the desired asset, and then click the More Option button, and select Go to advanced details.

Screenshot of Add Database to Asset

  1. Under General Data, select Databases.
  2. Click Add Databases.
  3.  

Screenshot of the Form to Add a Database to an Asset

  1. Provide a name, select the platform, add a version, leave the default port, and then click Save Database.

 

Manually Add Databases to Password Safe Management

  1. From the menu, select Assets.

Screenshot of the Database Host Icon in the Assets Grid

  1. Assets that host database instances are indicated by a Database Host icon in the Solution column.

 

  1. Select the desired asset, and then click the More Option button, then select Go to advanced details.

Screenshot of Add Database Instance to Password Safe Management

  1. Under General Data, select Databases.
  2. For the desired instance, click the More Options icon, and then select Add to Password Safe.

 

  1. Select the functional account and other desired settings, and then click Create Managed System.

Manage Database Instance Accounts

Once the database instances are managed, create a managed accounts Smart Rule to manage the database instance accounts. The steps are the same for both auto discovered or manually added database instances.

Screenshot showing selection criteria and actions for creating a managed accounts Smart Rule to manage the database instance accounts.

  1. Create a managed account based Smart Rule, and select the criteria that will match on the database instance account name.
  2. Select Yes from the Discover accounts for Password Safe Management list.
  3. From the Discover accounts from list, select the address group where the database instance resides.

 

If you have named functional accounts (which are not defaults), you should remove them from management by using managed account field filters, as shown in the screen shot.

  1. In the Actions section, select Show managed account as a Smart Group from the list.
  2. Select Manage Account Settings from the list.
  3. Select a password rule, and either Auto-Manage the Accounts or not.
  4. Click Create Smart Rule.

When using MYSQL with multiple accounts with the same name, Password Safe can only support rotating the password on all instances of the username using a functional account.