Using useargskey to tie API account, managed account, and command together
Enabling useargskey in the config.ini file provides higher security by tying one Bravura Privilege API account, one managed account, and one command together. By default, this key is set to 1. When enabled, the command line to runwithpass is included in the encryption key, preventing it from being used to run any other program. Ensure that you give an absolute path to runwithpass, so the command lines are consistent between runs.
Some command line arguments are excluded from the encryption key. This includes -v, -expirecache, and -initial.
If the useargskey key is set and creds.ini is to be shared between runwithpass and a program using the dynamic library:
- Set the argv argument to an array of strings where each string is one argument passed to runwithpass, including the command used to run runwithpass.
- Set argc to the size of the array.
- Set userkey to NULL.
For example:
argv = {"C:\runwithpass.exe", "-conf", "config.ini", "-res", "SSH", "-acct", "psadmin"}
argc = 7
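
The binding described above, modelled as an added example: it is not Bravura Privilege code, and the product's real key derivation is not described on this page. HMAC-SHA256, the length-prefixed encoding, DEMO_SECRET, the helper names, and the treatment of -v, -expirecache and -initial as value-less switches are assumptions made for illustration.

```python
import hashlib
import hmac

# Arguments the page lists as excluded from the key. Treating them as
# value-less switches is an assumption of this sketch.
EXCLUDED = {"-v", "-expirecache", "-initial"}

# Constructed stand-in for whatever secret the product mixes with the command line.
DEMO_SECRET = b"constructed-demo-secret"

# The argv example from the page (backslash escaped for Python).
PAGE_ARGV = ["C:\\runwithpass.exe", "-conf", "config.ini",
             "-res", "SSH", "-acct", "psadmin"]


def key_material(argv):
    """Serialize the arguments that take part in the key."""
    kept = [a.encode("utf-8") for a in argv if a not in EXCLUDED]
    # Length-prefix each argument so ["ab", "c"] and ["a", "bc"] differ.
    return b"".join(len(a).to_bytes(4, "big") + a for a in kept)


def derive_key(secret, argv):
    """Hypothetical derivation: HMAC-SHA256 over the canonical command line."""
    return hmac.new(secret, key_material(argv), hashlib.sha256).digest()


def same_key(argv_a, argv_b, secret=DEMO_SECRET):
    """True when both command lines would unlock the same credentials."""
    return hmac.compare_digest(derive_key(secret, argv_a),
                               derive_key(secret, argv_b))


if __name__ == "__main__":
    cases = {
        "identical command line": PAGE_ARGV,
        "extra -v (excluded)": PAGE_ARGV + ["-v"],
        "relative path to runwithpass": ["runwithpass.exe"] + PAGE_ARGV[1:],
        "different managed account": PAGE_ARGV[:-1] + ["otheracct"],
        "different program": ["C:\\other.exe"] + PAGE_ARGV[1:],
    }
    for label, argv in cases.items():
        print(f"{label:32} -> key matches: {same_key(PAGE_ARGV, argv)}")
```

In this model only the first two cases match, which is why a relative path to runwithpass, or an argv array in a dynamic-library caller that differs in any non-excluded argument, yields a key that cannot unlock the shared creds.ini.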