Overview
PAM
The aim of the PAM project is to consolidate accounts (such as database credentials) into safes which will be managed by a secure product. The product that’s been selected to do this is Cyberark Privilege Cloud. This project is aimed at securing human access patterns to systems such as databases and VM’s.
People looking to access sensitive systems will do so through Privilege Cloud.
You can access Privilege Cloud at https://tufts.cyberark.cloud/privilegecloud
To sign in use your UTLN followed by @tufts.edu
Adding secrets
To add secrets, go to the accounts view and click Add Account
When adding secrets, you should use the Tufts Windows Desktop Local Accounts platform for basic secrets. This platform type allows you to specify usernames and passwords that won’t be rotated.
If a system has the ability for rotating of passwords, you should work with the IAM to create a platform type that will facilitate that.
Secrets Management
For non-human access to systems, the product Cyberark Conjur has been selected for secrets management.
You can access Conjur at https://tufts.cyberark.cloud/secretsmgr
The sign in for Conjur is the same as Privilege Cloud above.
Resources
PAM Spreadheet: A listing of users, safes, accounts and applications for Data Strategy