Accessing secrets during break glass
During a situation when you are unable to access your Sectona vault instance and you wish to access the assets directly by checking out the password, you can do this by accessing the configured Sectona Satellite Vault instance.
When Sectona PAM instance(s) is down (Offline), no User(s) will be able to access the Sectona PAM instance(s). In the event of break glass scenario, User can access ‘Satellite Vault’ to check out privilege account passwords. User(s) need to bring in their respective Profile key into the Satellite Vault system and browse URL to authenticate using the key to login. And then Check-out password for desired privilege accounts from Satellite Vault.
Generating Profile key
To access your vault, you must generate a 'Profile Key' which acts like a single authentication key to access a vault. Treat this key like direct access to Satellite vault. You can generate a key and keep it in a safe location which is accessible only to you. The procedure for generating Profile key is mentioned below:
In your Sectona instance, click on the User icon on the top left.
Navigate to Settings.
Go to the Profile Section and click on Generate New to generate a new Profile key. Download it or click on Download to download the existing Profile key.
When you click on Generate New, you need to Sync the Sectona Password vault with the Satellite vault. Use Download to download the current Profile key after Syncing with the Satellite vault.
Accessing Satellite Vault
Ensure you are aware of your break glass vault IP Address or DNS name to access the vault. To retrieve secrets which are allowed to be accessed, follow the procedure below:
Browse to the Satellite Vault instance.
Click on Upload, select the security key.
Click on Sign in to access the Satellite vault
You will be directed to the Satellite vault page. Click on the Lock button to view the password of the specified account. You can also copy the password to the clipboard by clicking on the Copy button.