Password Safe VBO Integration with Blue Prism
This guide covers how to install and use the BeyondTrust Password Safe VBO integration for Blue Prism.
Follow the steps below to import and configure the release.
- Right-click Package Overview and click Import Release.
- Navigate to the location of the .bprelease file and follow the steps.
- Once imported, there is a Credential object for BeyondTrust Password Safe, inside which you store the API Key for the Blue Prism application.
- There are two generic Web API Services, one for BeyondTrust Password Safe and one for BeyondTrust DevOps Secrets Safe.
- There are also two VBOs, one for each product, under Studio.
- A sample process, the Centrix Data Solutions example from the Blue Prism tutorial, and an associated VBO, are included to demonstrate how to use the VBOs for both products.
- The process includes two VBOs: one for BeyondTrust Password Safe and one for BeyondTrust DevOps Secrets Safe.
- Review and set the Password Safe VBO Inputs:
  - ApiKey: This is generated in the BeyondTrust web console, BeyondInsight, and associated with an API Registration.
  - RunAs: Service account for the Blue Prism application in Password Safe.
  - PasswordSafeServerName: DNS-resolvable server name for Password Safe. The IP address can also be used.
  - SystemName: System name that represents Blue Prism in BeyondInsight.
  - AccountName: Blue Prism account managed by Password Safe.
  - Duration: Duration for the check-out release request, in minutes.
  - Reason: Added to the check-out event in the logs.
- In BeyondInsight, go to Configuration > API Registrations to view the API registration key.
- In BeyondInsight, go to Configuration > User Management and grant permission to All Assets for the Blue Prism group.
- Also grant permission to All Managed Accounts for the Blue Prism group.
The service account (user) and API registration must also be configured in the Blue Prism application.
- The managed account that contains the password must be configured for API access.
- In Blue Prism, import a server certificate that matches the server name to the local computer certificate store. This allows the connection over HTTPS.
- Import the trusted root certificate authority.
- Go to the Outputs tab.
- Store the password as a Password Data Type item.
- Store the status codes as Text Data Type items.
HTTP status codes are returned, including an error code if an error is encountered:
For authentication:
- 200 is successful.
- 400 is invalid request.
- 401 is failed to authenticate.
- 403 means that the system is sealed and must be unsealed.
For check-out:
- 200 is successful.
- 401 means that the user is not authorized.
- 403 means that the system is sealed.
- 404 means that the secret or scope is not found.
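The following is an added example, not part of the BeyondTrust release or the Blue Prism sample process. It sketches fail-closed decision logic for the outputs described above, so that the password is used only when both stages return 200 and never reaches a log message. The names `Outcome` and `evaluate` are hypothetical, and it assumes the VBO yields one status Text item for authentication and one for check-out.

```python
from dataclasses import dataclass, field

# Status meanings as listed in this guide, keyed by stage.
MEANINGS = {
    "authentication": {400: "invalid request", 401: "failed to authenticate",
                       403: "system is sealed and must be unsealed"},
    "check-out": {401: "user is not authorized", 403: "system is sealed",
                  404: "secret or scope is not found"},
}

@dataclass(frozen=True)
class Outcome:
    ok: bool
    stage: str    # stage that decided the outcome
    message: str  # safe to write to a process log
    password: str = field(default="", repr=False)  # kept out of repr()

def _parse(text):
    """The VBO stores status codes as Text; return an int or None."""
    text = (text or "").strip()
    return int(text) if text.isascii() and text.isdigit() else None

def evaluate(auth_status, checkout_status, password):
    """Fail closed: release the password only if both stages returned 200.

    Assumption: two status Text items, authentication then check-out.
    """
    for stage, raw in (("authentication", auth_status),
                       ("check-out", checkout_status)):
        code = _parse(raw)
        if code == 200:
            continue
        if code is None:
            msg = f"{stage}: missing or non-numeric status {raw!r}"
        else:
            meaning = MEANINGS[stage].get(code, "unexpected status")
            msg = f"{stage}: HTTP {code} ({meaning})"
        return Outcome(False, stage, msg)  # password deliberately dropped
    if not password:
        return Outcome(False, "check-out", "check-out: 200 but no password returned")
    return Outcome(True, "check-out", "check-out: 200 successful", password)
```

A 403 maps to a different message depending on the stage that returned it, which is why the stage name is carried in the result.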