Advanced Settings

The following advanced settings can be configured outside the configuration tool:

  • LogFile:
    • Windows LogFile: Location of log file (default C:\Program Files\BeyondTrust\Secrets Cache\logs\pspca.log).
    • Linux LogFile: Location of log file (default /var/opt/pbps/log/pspca.log).
  • runuser: The unprivileged user that is used to run the cache service on Linux (default nobody).
  • http_rest: Define custom settings for the HTTP REST interface.
    • listen_port: The port the cache uses to listen for incoming API calls (default 443).
    • listen_host: The interface the cache uses to listen for incoming API calls (default 0.0.0.0).
  • password_safe: Define settings for Password Safe interactions.
    • managed_accounts_limit: Maximum number of managed accounts to retrieve from Password Safe (default 100000).
    • secrets_limit: Maximum number of secrets to retrieve from Secrets Safe (default: 100000).
    • rotation_policy: Can be set to 1 (rotate on retrieval) or 2 (never rotate) if Allow API Rotation Override is enabled in Password Safe's access policy (default 0).
    • http_timeout: HTTP timeout interval in seconds (default 60).
    • request_reason: Reason provided for the request (default: Secrets Cache Refresh).
    • refresh_interval: How often the cache checks with Password Safe in milliseconds (default 300000).
    • use_prev_creds: Set to 1 to serve up a previous credential if the current credential is null (default 0).

Windows

Windows advanced settings are stored in the registry. If a setting is not present, the default value is used:

  • [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BeyondTrust\PBPS\pspca_cfg]
    • LogFile=C:\Program Files\BeyondTrust\Secrets Cache\logs\pspca.log
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BeyondTrust\PBPS\pspca_cfg\http_rest]
    • listen_port=443
    • listen_host=0.0.0.0

Linux

The advanced options are stored in JSON format in /etc/opt/pbps/pspca.conf. If an option is not included, the default value is used.

{
    "LogFile": "/var/opt/pbps/log/pspca.log",
    "runuser": "nobody",
    "http_rest": {
        "listen_port": 443,
        "listen_host": "0.0.0.0"
    },
    "password_safe": {
        "http_timeout": 60,
        "managed_accounts_limit": 100000,
        "refresh_interval": 300000,
        "request_reason": "Secrets Cache Refresh",
        "rotation_policy": 0,
        "use_prev_creds": false
    }
}
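
The following review script is an added example, not part of the product or its documentation. It overlays a pspca.conf file on the defaults listed above and reports settings that merit a second look. The choice of which settings to flag, the function names and the sample file are assumptions of this example.

```python
import json

# Defaults as listed on this page; an option absent from the file uses these.
DEFAULTS = {
    "runuser": "nobody",
    "http_rest": {"listen_port": 443, "listen_host": "0.0.0.0"},
    "password_safe": {"rotation_policy": 0, "http_timeout": 60,
                      "refresh_interval": 300000, "use_prev_creds": 0},
}

def effective(conf):
    """Overlay the parsed file on the defaults, one section at a time."""
    out = {}
    for key, default in DEFAULTS.items():
        value = conf.get(key, default)
        if isinstance(default, dict):
            value = {**default, **(value if isinstance(value, dict) else {})}
        out[key] = value
    return out

def audit(text):
    """Return review findings for the text of a pspca.conf file."""
    eff = effective(json.loads(text))
    rest, ps = eff["http_rest"], eff["password_safe"]
    findings = []
    if rest["listen_host"] == "0.0.0.0":
        findings.append("listen_host: API listens on every interface")
    if eff["runuser"] == "root":
        findings.append("runuser: cache service is not running unprivileged")
    if ps["rotation_policy"] == 2:
        findings.append("rotation_policy: set to 2 (never rotate)")
    if ps["use_prev_creds"] in (1, True):
        findings.append("use_prev_creds: a previous credential may be served")
    for key in ("http_timeout", "refresh_interval"):
        v = ps[key]
        if isinstance(v, bool) or not isinstance(v, (int, float)) or v <= 0:
            findings.append(f"{key}: expected a positive number, got {v!r}")
    return findings

# Constructed sample file, not taken from a real deployment.
SAMPLE = """{
  "runuser": "root",
  "http_rest": {"listen_host": "127.0.0.1"},
  "password_safe": {"rotation_policy": 2, "http_timeout": "60s"}
}"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

An empty file yields only the listen_host finding, because the default of 0.0.0.0 applies when the option is omitted.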