Vault.ini
The Vault parameter file, Vault.ini, contains all the information about the Vault that is accessed by CyberArk components. Each component that accesses the Vault requires a Vault.ini file of its own.
|
The semicolon (;) and hash (#) characters indicate the beginning of a remark. However, if these characters appear between quotation marks (“”) or after an equals sign (=) they are considered to represent a parameter. |
|
Parameter |
|
|---|---|
|
Vault |
|
|
Description |
The name of the Vault. |
|
Acceptable Values |
String |
|
Default Value |
None |
|
Address |
|
|
Description |
The DNS of the Vault. Currently, there is no limit to the number of DNS entries that you can specify. |
|
Acceptable Values |
DNS,DNS,DNS,… |
|
Default Value |
None |
|
Port |
|
|
Description |
The Vault Port. |
|
Acceptable Values |
Number |
|
Default Value |
1858 |
|
Timeout |
|
|
Description |
The number of seconds to wait for a Vault to respond to a command before a timeout message is displayed. |
|
Acceptable Values |
Number |
|
Default Value |
8 |
|
SwitchVaultAddressTimeOut |
|
|
Description |
The number of seconds that the Credential Provider will try to access an additional Vault DNS after the initial timeout to the current Vault, specified in the Timeout parameter, expires. |
|
Acceptable Values |
Number of seconds |
|
Default Value |
3 |
|
AuthType |
|
|
Description |
The type of authentication to be used to log onto the Vault. |
|
Acceptable Values |
PA_AUTH (Password), NT_AUTH, PKI_AUTH |
|
Default Value |
PA_AUTH (Password) |
|
NTAuthAgentName |
|
|
Description |
The name of the NT Authentication Agent. |
|
Acceptable Values |
String (1-260 characters) |
|
Default Value |
None |
|
NTAuthAgentKeyFile |
|
|
Description |
The name of the NT Authentication Key File. |
|
Acceptable Values |
HTTP, HTTPS, SOCKS4, SOCKS5 |
|
Default Value |
None |
|
ProxyAddress |
|
|
Description |
The proxy server IP address. This is mandatory when using a proxy server. |
|
Acceptable Values |
IP address |
|
Default Value |
None |
|
ProxyPort |
|
|
Description |
The Proxy server IP Port. |
|
Acceptable Values |
Number |
|
Default Value |
8081 |
|
ProxyUser |
|
|
Description |
User for Proxy server if NTLM authentication is required. |
|
Acceptable Values |
User name |
|
Default Value |
None |
|
ProxyPassword |
|
|
Description |
The password for Proxy server if NTLM authentication is required. |
|
Acceptable Values |
Password |
|
Default Value |
None |
|
ProxyAuthDomain |
|
|
Description |
The domain for the Proxy server if NTLM authentication is required. |
|
Acceptable Values |
Domain name |
|
Default Value |
NT_DOMAIN_ NAME |
|
BehindFirewall |
|
|
Description |
Accessing the Vault via a Firewall. |
|
Acceptable Values |
Yes/No |
|
Default Value |
No |
|
UseOnlyHTTP1 |
|
|
Description |
Use only HTTP 1.0 protocol. Valid either with proxy settings or with BEHINDFIREWALL. |
|
Acceptable Values |
Yes/No |
|
Default Value |
No |
|
NumOfRecordsPerSend |
|
|
Description |
The number of file records that require an acknowledgement from the Vault server |
|
Acceptable Values |
Number |
|
Default Value |
15 |
|
NumOfRecordsPerChunk |
|
|
Description |
The number of file records to transfer together in a single TCP/IP send/receive operation |
|
Acceptable Values |
Number |
|
Default Value |
15 |
|
ReconnectPeriod |
|
|
Description |
The number of seconds to wait before the sessions with the Vault is re-established. |
|
Acceptable Values |
Number |
|
Default Value |
1 |
|
EnhancedSSL |
|
|
Description |
Whether or not to use an enhanced SSL based connection (port 443 is required). |
|
Acceptable Values |
Yes/No |
|
Default Value |
No |
|
PreAuthSecuredSession |
|
|
Description |
Whether or not to enable a pre- authentication secured session. |
|
Acceptable Values |
Yes/No |
|
Default Value |
No |
|
TrustSSC |
|
|
Description |
Whether or not to trust self-signed certificates in pre-authentication secured sessions. |
|
Acceptable Values |
Yes/No |
|
Default Value |
No |
|
AllowSSCFor3PartyAuth |
|
|
Description |
Whether or not self-signed certificates are allowed for third-party authentication (e.g., RADIUS). |
|
Acceptable Values |
Yes/No |
|
Default Value |
No |
|
CIFSGateway |
|
|
Description |
The name of the CIFS Gateway. |
|
Acceptable Values |
String |
|
Default Value |
None |
|
HTTPGatewayAddress |
|
|
Description |
The URL of the HTTP Gateway. |
|
Acceptable Values |
URL |
|
Default Value |
URL |
|
DISTRIBUTEDVAULTS |
|
|
Description |
Enables the Credential Provider to work in a distributed Vaults environment and to send password requests to one of a list of available Vaults. If this parameter is set to Yes, the Address parameter value must be an address that returns a DNS SRV record that indicates the Vault to which the Credential Provider will send requests. If the parameter is set to No, or if it is not defined, the Address parameter value must be the DNS of a Vault. |
|
Acceptable Values |
Yes/No |
|
Default Value |
No |
|
FAILBACKINTERVAL |
|
|
Description |
The number of seconds between Credential Provider requests to check the SRV record. |
|
Acceptable Values |
Number of seconds. (Range 30-65535) |
|
Default Value |
1800 (30 minutes). |
