Check out Shared Account Passwords

Checking out a password allows a user to access a resource. To check out a password, you need the ID for the shared user account that has access to the resource. Call /Redrock/Query with a query similar to the following to retrieve the ID for the account:

/Redrock/Query

{
"Script":"Select Vaultaccount.ID from Vaultaccount, Server   
 
where Server.ID = Vaultaccount.host
and Server.name = 'Win-server123'
and Vaultaccount.user = 'CPSTEST'"
}

The VaultAccount table table holds information for shared accounts. The Vaultaccount.host column is a foreign key to the Server table, which holds information for managed resources. The Where clauses limit the response to the ID for a specific server/account combination (Win-server123/CPSTEST)

The ID column in the response holds the ID for the CPSTEST shared user account. Save this ID to identify the account to checkout.

The Vaultaccount query response:

{
  "success": true,
  "Result": {
    "IsAggregate": false,
    "Count": 1,
    "Columns": [
      {
        "Name": "ID",
        "IsHidden": false,
        "DDName": "ID",
        "Title": "ID",
        "DDTitle": "ID",
        "Description": "Row Identifier (primary key)",
        "Type": 12,
        "Format": null,
        "Width": 0,
        "TableKey": "Primary",
        "ForeignKey": null
      }
    ],
    "FullCount": 1,
    "Results": [
      {
        "Entities": [
          {
            "Type": "VaultAccount",
            "Key": "3834d122-30cd-4893-8820-41af9447b313",
            "IsForeignKey": false
          }
        ],
        "Row": {
          "ID": "3834d122-30cd-4893-8820-41af9447b313"
        }
      }
    ],
    "ReturnID": ""
  },
  "Message": null, "MessageID": null, "Exception": null, "ErrorID": null, "ErrorCode": null, "InnerExceptions": null
}

Call /ServerManage/CheckoutPassword to check out the password. Specify a duration for the check out (in minutes) with the Lifetime field in the payload.

/ServerManage/CheckoutPassword
{
  "ID": "3834d122-30cd-4893-8820-41af9447b313",
  "Lifetime": 35
}

The call returns a unique ID (in COID) that you can save to pass to other functions to manage the Password checkout response:

{
    "success": true,
     "Result": 
     {
        "COID": "7d80fb14-1767-4337-a2bf-9c1bd6545f3c",
        "Password": "FlK6,.;hf%Hu9PSoz7lT=Dt"
      },
      "Message": null, "MessageID": null, "Exception": null, 
      "ErrorID": null, "ErrorCode": null, "InnerExceptions": null
}

For example, you can call ServerManage/ExtendCheckout to provide more time to an account whose checkout is expiring:

/ServerManage/ExtendCheckout
    {"ID": "7d80fb14-1767-4337-a2bf-9c1bd6545f3c"}

To check in a password before it expires, call /ServerManage/CheckinPassword and pass the ID for the checkout:

/ServerManage/CheckinPassword
    {"ID": "7d80fb14-1767-4337-a2bf-9c1bd6545f3c"}

See Also

Updated about a year ago

Check out Shared Account Passwords


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.