Support Center Home

Credential Vault Integration for the LM Collector

Note: The Credential Vault Integration for the LM Collector is currently an open beta. Reach out to your Sales and CSM team for more information.

The Credential Vault integration for the LogicMonitor Collector makes it possible to store and manage sensitive information (including credentials and secrets for hosts, devices, services, etc.) in an external credential vault. 

LogicMonitor Collector supports the following vault integrations:

Collector configurations

The following table lists the configuration properties to set in the Collector agent.conf.

Property Description Default
vault.bypass If the value for the property is true, the vault API calls won’t happen. Note: You must set the property to false, to enable the vault API calls. true
vault.credentials.cache.expirationtime The property specifies the integer value in minutes for the expiry of the credential in the Vault cache. After this time, the credentials in the Vault cache will be expired and needs to be re-fetched from the Vault. 60
vault.credentials.refresh.delay The property specifies the integer value in seconds. Controls the Credential Vault integration cache expiration refresh delay. 15

Vault properties

Vault properties, such as Vault Metadata and Vault Keys, can be configured at the device or device group level for the Collector.

Vault Metadata

The following table lists the Vault Metadata properties.

Property Description
vault.meta.url The URL of the vault.
vault.meta.safe If vault.meta.type is CyberArk, you can specify a Safe. Although a Collector can include many Safes, each device can have only one Safe.
vault.meta.type The type of vault.
vault.meta.header The headers required for HTTP Get Request. The value for this custom property would be the header separated with & and the header key value separated with = as shown in the below example:

vault.meta.header – Content-Type=application/json&Accept-Encoding=gzip, deflate, br

Vault Keys

Vault keys need to be specified at the device level with suffix .lmvault.

Property Description
<property suffixed="" with
.lmvault		 The custom property for which value should be retrieved from the Vault must be specified at the device level by adding suffix .lmvault. The value of such property would be the path of the key in the Vault.

For example: ssh.user.lmvault = ssh\ssh.user

In This Article