View and Check Out Credentials from the /login Interface

Stored passwords can be retrieved for use outside of a BeyondTrust support session. The /login interface allows you to manually check out a password for a shared account, or view and copy a password for a personal account.

Check Out and Check In a Shared Account

  1. Go to Vault > Accounts.

     Screenshot of an account listing highlighting the Check Out option.

  2. From the Shared tab, locate the account you wish to use.
  3. Click Check Out.

     Screenshot of the Account Password dialog.

  4. The Account Password dialog appears, and you are able to see the password in plain text for one minute. In that time, you can copy the password by clicking the Copy icon.

     For SSH Certificate Authority accounts, the signed public key and the private key display. Users must authenticate within 5 minutes. The credentials can also be accessed via API using the bt vault subcommand of the Command Line Interface.

When an account is checked out, it's indicated in the Status column. You can hover over the Checked Out status to see who has it checked out.

  5. When you are finished using a credential, return to the Accounts page and click Check In to check the password back into BeyondTrust Vault.

     For SSH Certificate Authority accounts, there is no need for check in, as the credentials are unique for each check out or injection.

If you are checking in a domain credential with automatic rotation configured, the password automatically rotates.

Non-administrative users can only view and modify credentials to which they have access.

Check Out a Service Account

The process for checking out service accounts is the same as for other accounts; however, the password must be manually set by the administrator before checking out the account.

View and Copy a Personal Account Password

  1. Go to Vault > Accounts.

     Screenshot of an account listing highlighting the View Password option.

  2. From the Personal tab, locate the account you wish to use.
  3. Click View Password.

     Screenshot of the Account Password dialog.

  4. The Account Password dialog appears, and you are able to see the password in plain text for one minute. In that time, you can copy the password by clicking the Copy icon.

Only the owner of a personal account is able to view its password. A Credential Used event is logged when the owner views the password. Vault administrators can view this activity in a Vault report.