Add Databases to Password Safe

There are two ways to discover and manage database instances:

  • Auto-discover using a scan template, and then auto-manage using a Smart Group. Use this method for SQL Server and Oracle.
  • Manually add and manage databases. Use this method for MongoDB, MySQL, Sybase ASE, and Teradata.

Auto Discover and Manage Database Instances

The following scan types include database instance data in the scan results:

  • Detailed Discovery Scan: This scan requires credentials and it deploys a scan agent to the scan targets. Besides systems, this scan provides associated information on services, scheduled tasks, users, and databases.
  • Advanced Discovery Scan: This scan performs the same operations of the detailed scan, but provides information on all associated attributes.

After you run a scan, the assets are displayed on the Assets page. At this point, you can create a Smart Rule to manage the database instances.

  1. Select Configuration > General > Smart Rules.
  2. Click Create Smart Rule.

Smart Rule for adding databases to Password Safe management showing filters.

  1. Select or create a new category and provide a name and description for the Smart Group.
  2. For selection criteria, select Address Group, and then select the group that includes the database instances.
  3. Add another condition, select Host Database Instance, and then select the database types.
  4. For the actions, select Show asset as Smart Group.
  5. Add more actions of Manage Assets using Password Safe, and then select the platforms, account name formats, functional accounts, and other desired settings, ensuring to use the default port numbers for the databases:
    • Oracle: 1521
    • SQL Server: 1433
  6. Click Create Smart Rule.

An Oracle database can be part of a database cluster. If several nodes are found through discovery, only a single database managed system is created. Cluster fail over is supported.

 

Manually Add Database Instances

You can manually add the following database instance types. When selecting the database platform, ensure the correct port number is displayed.

  • Mongo: 27017
  • SQL Server: 1433
  • MySQL: 3306
  • Oracle: 1521
  • PostgreSQL: 5432
  • Sybase ASE: 5000
  • Teradata: 1025

Manually Add Databases to Assets Managed by Password Safe

  1. From the menu, select Assets.
  2. Select the desired asset, and then click the More Option button, and select Go to advanced details.

Screenshot of Add Database to Asset

  1. Under General Data, select Databases.
  2. Click Add Databases.

 

Screenshot of the Form to Add a Database to an Asset

  1. Provide a name, select the platform, add a version, leave the default port, and then click Save Database.

 

Manually Add Databases to Password Safe Management

  1. From the menu, select Assets.

Screenshot of the Database Host Icon in the Assets Grid

  1. Assets that host database instances are indicated by a Database Host icon in the Solution column.

 

  1. Select the desired asset, click the More Option button, and then select Go to advanced details.

Screenshot of Add Database Instance to Password Safe Management

  1. Under General Data, select Databases.
  2. For the desired instance, click the More Options icon, and then select Add to Password Safe.
  3. Select the functional account and other desired settings, and then click Create Managed System.

 

Manage Database Instance Accounts

Once the database instances are managed, create a managed accounts Smart Rule to manage the database instance accounts. The steps are the same for both auto-discovered or manually added database instances.

  1. From the menu, select Smart Rules.
  2. Click Create Smart Rule.
  3. Select Managed Accounts from the Category dropdown.
  4. Provide a meaningful Name and Description for the Smart Rule.

Managed accounts Smart Rule to manage the database instance accounts. showing selection criteria and actions.

  1. Select the criteria to match on the database instance account name, filtering out any named functional accounts.
  2. Select Yes from the Discover accounts for Password Safe Management list.
  3. From the Discover accounts from list, select the smart group where the database instance resides.
  4. In the Actions section, select Show managed account as a Smart Group from the list.
  5. Select Manage Account Settings from the list.
  6. Select a password rule, and either auto-manage the accounts or do not.
  7. Click Create Smart Rule.

 

When using MYSQL with multiple accounts with the same name, Password Safe can only support rotating the password on all instances of the username using a functional account.