Vault: Configure Password Rotation for Linux and Unix Servers

You can use a dedicated script from Vault to perform automated password rotation for your Linux or Unix servers. This process involves enabling the rotation, downloading the script, generating a security key, and installing the script on your target server.

Prerequisites:

• You must have administrative access to your Vault instance.
• You must have superuser (sudo) access to the target Linux or Unix server.

Configuring Password Rotation in Vault

First, you must activate the password rotation feature for the specific credential you want to manage.

1. Log in to your Vault platform.
2. Go to Credentials. A list of available credentials is displayed.
3. From the list, select a specific credential to view the Edit Credential window.
4. On the Edit Credential window, go to Rotation and select the Use automatic password rotation checkbox.
5. Click Save.
6. Return to the Credentials page and find the credential you configured.
7. Click Actions, then select Password Rotation.
8. In the new window, click Download Linux (Shell) Script.
9. Next, in the same window, click Generate key.

10. In the new window, click Download Linux (Shell) Script.
11. Move the downloaded script file to the computer that will execute the rotation.

Installing the Script on the Server

Complete the process by installing and configuring the script on the target Linux/Unix server.

1. On the target server, go to the directory where you moved the script file.
2. If necessary, add execute permission to the script: chmod +x VaultOnePasswordRotationInstaller.sh
3. Run the script with superuser privileges: sudo ./VaultOnePasswordRotationInstaller.sh
4. Follow any on-screen prompts during the installation.

After the script installation is complete, password rotation occurs automatically according to the script's configured schedule.