Vault operations
The vault is the core of VaultPAM. It stores privileged credentials (passwords, SSH keys, API tokens) in an encrypted secrets engine powered by OpenBao, and controls who can access them and when.
What vault operations covers
This section covers three areas:
- Credential checkout -- how to retrieve a credential from a Safe for use in a session or manual task
- Credential rotation -- how credentials are rotated automatically or on demand, and how to set rotation policies
- OpenBao access -- how VaultPAM uses OpenBao as the underlying secrets engine, and when (on-premises only) you might need to interact with it directly
Who should read this section
- Operators need to understand checkout and check-in to perform their daily access tasks.
- Admins need to configure rotation policies and understand the OpenBao layer for on-premises deployments.