Previous Topic: Configure an Endpoint to Use a Database (.NET) Password ConsumerNext Topic: How CLI Password Consumers Work


Configure an Endpoint to Use a CLI Password Consumer

A CLI password consumer is a type of software development kit password consumer. You can use CLI password consumers to replace hard-coded passwords in scripts with privileged account passwords. A CLI password consumer is a representation of a script that gets, checks out, or checks in privileged account passwords. The script calls the SAM Agent, which retrieves the privileged account password from CA ControlMinder Enterprise Management.

Use CLI password consumers to write .bat or .sh scripts that are limited in their ability to change other files or scripts. For example, you can write a script that uses the acpwd utility to manually update a hard-coded password in a file. You also use CLI password consumers to let users run the acpwd utility from the command line on an endpoint.

Note: You can also use the SAM SDK to replace hard-coded passwords in scripts with privileged account passwords. For example, use the SAM SDK to write a customized script that replaces passwords in multiple files.

To configure an endpoint to use a CLI password consumer

  1. Verify that CA ControlMinder is installed on the endpoint with the SAM Integration feature enabled.
  2. Add the following command to your script:
    acpwd {-checkout | -get} -account name -ep name -eptype type [-container name] -nologo
    

    Note: For more information about the acpwd utility syntax, see the Reference Guide.

  3. Modify your script to use the output of the command (the privileged account password).

    You have configured the endpoint to use a CLI password consumer. You must now create a Software Development Kit (SDK/CLI) password consumer for the script in CA ControlMinder Enterprise Management.