Offline configuration

This topic describes how to apply new configurations when the Vault is offline.

When the Vault cannot be accessed and the central configuration file cannot be updated, you can create a local main configuration file on the Credential Provider and specify the parameters that will override existing configuration parameters. You can view the current parameters with the appprvmgr utility described in Credential Provider utility

When access to the Vault is restored, the local override file is synchronized with the Credential Provider-specific configuration file. If a Credential Provider-specific configuration file has not yet been created in the Vault, it will be created now.

 

When the Vault is inaccessible, the AutomaticParmsRefreshInterval parameter is automatically set to 120. When the Vault becomes accessible again, this value is reset according to the parameter in the main configuration file.

Before creating a local override file, view the parameters that the Credential Provider uses with the following command:

  
appprvmgr.exe showparms

For more information about the appprvmgr utility, refer to Credential Provider utility

  1. On the Credential Provider machine, create a new text file called local_overrides.conf.

    • Windows – Create this file in the ApplicationPasswordProvider folder.

    • UNIX – Create this file in the /etc/opt/CARKaim/conf folder.

  2. Open the file and specify the parameters from the main configuration file that will override the existing parameters. Use the same structure as the original main configuration file in the Vault and specify each parameter under the relevant header, for example [Main] or [Cache]. For more information, refer to Credential Provider (CP) configuration files.

All parameters except the TrustedCLIWrappers parameter can be specified in the local override configuration file.