Skip to main content

Preparation

Before you can target Bravura Safe (2025+), you must:

Set up Bravura Safe

See Bravura Safe Documentation to learn how to set up a Bravura Safe instance, team, and users.

Recommended Bravura Safe permission sets

The following are the recommended sets of permissions for the Bravura Safe administrator as well for general access to the Bravura Safe web instance.

Bravura Safe target administrator:

  • User type: Custom

  • Admin Permissions:

    • Manage all collections

      • Create new collections

      • Edit any collection

      • Delete any collection

  • Access Control:

    • "This user can access and modify all items" must be selected

Bravura Safe web instance for administration and setup:

  • User type: Custom

  • Admin Permissions:

    • Create new collections

    • Edit any collection

  • Access Control:

    • The option for "This user can access only the selected collections" should be selected and set with no collections specified.

This will allow for the creation of collections and credentials as well as adding users to collections, but not be able to view the credentials in the collections once they are created. This would also allow the administrator to add themselves to a collection to view or edit the credentials.

Set up the target system administrator

The Bravura Safe (2025+) target system requires administrative credentials that are previously configured on the Bravura Safe instance.

To configure the target administrator:

  1. Log in to Bravura Safe via the web interface and open your Team.

  2. Click Teams, then Manage.

  3. Invite a new user:

    1. Click Invite User.

    2. Enter the email address for a user that will be used as the administrator.

    3. Set the User type to Custom.

    4. Set the specific permissions as noted above for the recommended permissions.

    5. Click Save.

    6. Complete the process to onboard the user.

Alternatively, edit the permissions for a current user by clicking on their email address and modifying for the above set of recommended permissions.

The email address and master password set for this user will be used for the administrator credentials for the Bravura Safe (2025+) target system.

Install the Bravura Safe CLI

The Bravura Safe CLI is required for use with the Bravura Safe (2025+) and Bravura Safe User Management (2025+) connectors.

Troubleshooting

File Blocked by Windows Security

When downloading bsafe.exe from GitHub, Windows may mark the file as blocked because it came from another computer. This security feature can prevent the CLI from executing properly.

Symptoms:

  • The connector fails to execute bsafe.exe

  • Access denied or execution errors when running the CLI

  • Windows security warnings about the file

Solution:

  1. Right-click on bsafe.exe and select Properties.

  2. On the General tab, look for a Security section at the bottom that states:

    "This file came from another computer and might be blocked to help protect this computer."

  3. Check the Unblock checkbox next to this message.

  4. Click Apply, then OK.

  5. Verify the file is now unblocked by checking the properties again - the security warning should be gone.

CLI Not Found in PATH

Symptoms:

  • Error [WinError 2] The system cannot find the file specified appears in the logs

  • Objects fail to be listed from the Bravura Safe connector

Solution:

  1. Verify the system PATH environment variable includes the directory containing bsafe.exe (e.g., c:\bsafe).

  2. If the PATH is missing or incorrect, add the directory containing bsafe.exe to the system PATH environment variable (not the user PATH). The method to access environment variables varies by Windows version.

  3. Ensure the path can be accessed by the psadmin account by verifying the file exists and has appropriate permissions.

  4. Restart the Bravura Security Fabric services after updating the PATH. The updated PATH will not be reflected until the services are restarted.

  5. After restarting services, test that the connector can successfully list objects from Bravura Safe.

Alternative Solution (if service restart is not possible):

If restarting services is not an option, you can modify the connector files to use the full path to the Bravura Safe CLI. Note that this change will be overwritten when the connector pack is upgraded and will need to be reapplied.

  1. Locate the following connector files:

    • agtbsafe25-user.py

    • agtbsafe25.py

  2. In each file, find the line:

    CLI_EXE: str = "bsafe"

  3. Change it to use the full path:

    CLI_EXE: str = "c:\\bsafe\\bsafe.exe"

  4. Save the files and test that the connector can successfully list objects from Bravura Safe.

Session Authentication Issues

Symptoms:

  • Repeated authentication prompts

  • Connection failures after initial success

  • Session timeout errors

Solution:

  1. Clear the existing session data as described in the "Clearing Session Data" section above.

  2. Verify the Bravura Safe server address is correct in the connector configuration.

  3. Check that the Bravura Safe server is accessible from the Bravura Security Fabric server.

In this section: