Vault Parameter File
The Vault.ini file contains all the information about the Vault that is accessed by CyberArk components. Each component that accesses the Vault requires a Vault.ini file of its own.
During installation, the Vault.ini file is copied to the installation folder.
Vault parameters
Parameter | Description | Acceptable values | Default value |
---|---|---|---|
Vault | The name of the Vault. | String | None |
Address | The IP address of the Vault. There is no limit to the number of IP addresses that you can specify. | IP address,IP address,IP address,... | None |
Port | The Vault IP port. | Number | 1858 |
Timeout | The number of seconds to wait for a Vault to respond to a command before a timeout message is displayed. | Number | 30 |
SwitchVaultAddressTimeOut | The number of seconds that the Vault component tries to access additional Vault IP addresses after the initial timeout to the current Vault expires. The initial timeout is specified in the Timeout parameter. | Number of seconds | 3 |
AuthType | The type of authentication to be used to log on to the Vault. | PA_AUTH (Password), PKI_AUTH, LDAP, RADIUS | PA_AUTH (Password) |
VaultDN | The Distinguished Name of the Vault (PKI Authentication). | String | None |
ProxyType | The type of proxy through which the Vault is accessed. | HTTP, HTTPS, SOCKS4, SOCKS5 | None |
ProxyAddress | The proxy server IP address. This is mandatory when using a proxy server. | IP address | None |
ProxyPort | The proxy server IP port. | Number | 8081 |
ProxyUser | The user for the proxy server if NTLM authentication is required. | User name | None |
ProxyPassword | The password for the proxy server if NTLM authentication is required. | Password | None |
ProxyAuthDomain | The domain for the proxy server if NTLM authentication is required. | Domain name | NT_DOMAIN_NAME |
BehindFirewall | Whether the Vault is accessed through a firewall. | Yes/No | No |
UseOnlyHTTP1 | Use only HTTP 1.0 protocol. Valid either with proxy settings or with BehindFirewall. | Yes/No | No |
NumOfRecordsPerSend | The number of file records that require an acknowledgement from the Vault server. | Number. Maximum number is 4000. | 300 |
NumOfRecordsPerChunk | The number of file records to transfer together in a single TCP/IP send/receive operation. | Number. Maximum number is 4000. The value cannot be larger than the NumOfRecordsPerSend value. | 60 |
ReconnectPeriod | The number of seconds to wait before the session with the Vault is re-established. | Number | 1 |
EnhancedSSL | Whether or not to use an enhanced SSL-based connection (port 443 is required). | Yes/No | No |
PreAuthSecuredSession | Whether or not to enable a pre-authentication secured session. | Yes/No | No |
TrustSSC | Whether or not to trust self-signed certificates in pre-authentication secured sessions. | Yes/No | No |
ProxyCredentials | The name of a file that contains the proxy credentials. This parameter can be used to replace the ProxyUser and ProxyPassword parameters. | Full pathname | None |
CTLFileName | The path to the CTL file for RADIUS authentication. | Valid path to base64 CTL file | None |
AllowSSCFor3PartyAuth | Whether or not self-signed certificates are allowed for third-party authentication (for example, RADIUS). | Yes/No | No |
CIFSGateway | The name of the CIFS Gateway. | String | None |
HTTPGatewayAddress | The URL of the HTTP Gateway. | URL | URL |
DistributedVaults | Whether or not CyberArk clients will work in Distributed Vaults mode, and will be able to send requests to one Vault in a list of available Vaults. When this parameter is set to Yes, the Address parameter must specify an address that returns a DNS SRV record that indicates the Vault to which the client will send requests. When this parameter is set to Static, the Address parameter must specify the IP/DNS address, using the following format: IP address,IP address,IP address,…. | Yes, No, Static | No |
FailbackInterval | The number of seconds between client requests to check the SRV record. | Number of seconds | 1800 (30 minutes) |
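
The constraints in the Vault parameters table can be checked mechanically before a component is deployed. The linter below is an added example, not CyberArk code: the KEY=VALUE file syntax, the `parse` and `lint` function names, and the sample values are assumptions made for illustration.

```python
# Assumption: plain KEY=VALUE lines, case-insensitive keys, optional quotes, '#'/';' comments.
SAMPLE = '''\
VAULT = "Prod Vault"
ADDRESS=10.0.0.10,10.0.0.11
AUTHTYPE=RADIUS
PROXYTYPE=HTTPS
PROXYPASSWORD=constructed-example
NUMOFRECORDSPERSEND=200
NUMOFRECORDSPERCHUNK=500
TRUSTSSC=Yes
'''  # constructed sample, not a real deployment

def parse(text):
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip().lower()] = value.strip().strip('"')
    return cfg

def lint(text):
    cfg, out = parse(text), []
    yes = lambda k: cfg.get(k, "no").lower() == "yes"
    def num(key, default):  # numeric parameter, falling back to the documented default
        try:
            return int(cfg.get(key, default))
        except ValueError:
            out.append(f"{key}: '{cfg[key]}' is not a number")
            return default
    for key, allowed in (("authtype", {"PA_AUTH", "PKI_AUTH", "LDAP", "RADIUS"}),
                         ("proxytype", {"HTTP", "HTTPS", "SOCKS4", "SOCKS5"}),
                         ("distributedvaults", {"YES", "NO", "STATIC"})):
        if key in cfg and cfg[key].upper() not in allowed:
            out.append(f"{key}: '{cfg[key]}' is not an acceptable value")
    send, chunk = num("numofrecordspersend", 300), num("numofrecordsperchunk", 60)
    if max(send, chunk) > 4000:
        out.append("numofrecords*: maximum is 4000")
    if chunk > send:
        out.append("numofrecordsperchunk: larger than numofrecordspersend")
    if "proxytype" in cfg and "proxyaddress" not in cfg:
        out.append("proxyaddress: mandatory when a proxy is used")
    if "proxypassword" in cfg:
        out.append("proxypassword: inline secret; use a proxycredentials file")
    for key in ("trustssc", "allowsscfor3partyauth"):
        if yes(key):
            out.append(f"{key}: self-signed certificates are trusted")
    return out
```

Calling `lint(SAMPLE)` returns one finding each for the chunk size, the missing proxy address, the inline proxy password and the trusted self-signed certificates.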
API parameter
Parameter | Description | Acceptable values | Default value |
---|---|---|---|
Addresses | The URL of the PVWA. Separate multiple PVWAs with commas. If the CPM was installed before the PVWA, a warning is written to the scanner logs and the URL of the PVWA must be updated manually after PVWA installation. | URL | None |