Service Account Keys

On the Service Account Keys page, an administrator can view and download existing keys issued for service accounts and generate new key pairs.

Example:  An administrator wants to generate a new SSHClosed The SSH (secure shell) protocol provides for secure connections between computers. It provides several options for authentication, including public key, and protects the communications with strong encryption. key pairClosed In asymmetric cryptography, public keys are used together in a key pair with a private key. The private key is retained by the key's creator while the public key is widely distributed to any user or target needing to interact with the holder of the private key. for the green chicken application, which is a Linux-based log aggregation application. The application uses secure SSH to communicate internally between the server collecting the logs and the servers from which the logs are being collected. All the servers are controlled by the Keyfactor Bash OrchestratorClosed The Bash Orchestrator, one of Keyfactor's suite of orchestrators, is used to discover and manage SSH keys across an enterprise.. The servers are set to both inventory and publish policy. To accomplish this, the administrator:
  1. Uses the Keyfactor Command Management Portal to create a new key pair (see Creating a Service Account Key). She enters the following information in the form:

    Figure 303: Acquire a New Service Account Key

  2. Downloads the SSH private key on the server doing the log collectionClosed The certificate search function allows you to query the Keyfactor Command database for certificates from any available source based on any criteria of the certificates and save the results as a collection that will be availble in other places in the Management Portal (e.g. expiration alerts and certain reports)., from which the SSH connections will be made to collect logs.
  3. Uses the Management Portal to map the new public key for the full service account user name (svc_greenchicken@appsrvr75) to the Linux logons for the service on the servers from which the logs will be collected (see Editing Access to an SSH Server Group).

    Figure 304: Map Service Account Public Key to Logon

    Note:  The servers that the logs will be collected from are organized into a server group so the administrator can create logons and map the service account key using the Access Management option on the Server Group page. If the servers were in different server groups or the server group contained servers which should not be updated with logons and keys for the green chicken service, the administrator would need to create the logons and mappings separately for each server using the Access Management option on the Servers page (see Editing Access to an SSH Server).
  4. Waits for the public key to be published to the servers. The time that this takes depends on the frequency of the server group synchronization schedule (see Adding Server Groups).
  5. Confirms that the service is able to successfully connect using secured SSH.
Tip:  Click the help icon () next to the Service Account Keys page title to open the embedded web copy of the Keyfactor Command Reference Guide to this section.

You can also find the help icon at the top of the page next to the Log Out button. From here you can choose to open either the Keyfactor Command Documentation Suite at the home page or the Keyfactor API Endpoint Utility.