
Initialization

Before pamutil can be used to retrieve credentials, it must be initialized. In controlled environments this is normally a system administration task. To initialize a pamutil environment you need:

  • An initial OTP API user to access the API.

    OTP API users can be provisioned through a predefined request workflow or created on an individual basis by administrators. The OTP API user also needs permissions to access the resources and accounts it will use.

    Following is an example of an OTP API user:

    pam-bp-otp-example

    Using the API to retrieve administrative passwords describes how to configure an OTP API user via the Manage the system (psa) module.

    Example: Create an OTP API user describes how to create an OTP API user with Bravura Pattern: Privileged Access Edition.

  • The pamutil configuration file (named config.ini by default), which specifies the API connection parameters and details.

  • A prepared credentials file which will contain the encrypted state and account cache information. The default name for this file is creds.ini.

    The command runwithpass -initial prompts for the OTP API account’s initial password, updates the credentials file, and initializes the encryption. At this point Blue Prism can use credentials stored within Bravura Privilege.