Verification

There is no direct way to view or inspect cached secrets in Delinea Credentials Cache. To verify that Credentials Cache is functioning correctly, you must enable logging in the appsettings.json configuration file and review the generated log files. This verification approach applies to both Windows and Linux, as Delinea Credentials Cache is implemented as a cross-platform solution.

Verify IIS Site Is Running

Use the following procedure to validate that Delinea Credentials Cache is running correctly when hosted in IIS.

  1. Open IIS Manager.

  2. Confirm Default Web Site status is Started.

  3. Confirm the application pool used by the Credentials Cache application is Started:

    • In IIS Manager, select Application Pools.

    • Locate the pool used by the Credentials Cache application and confirm Status is Started.

  4. Under Sites > Default Web Site, click the Credentials Cache application (for example, Delinea Cred Cache).

  5. Click Browse. The Swagger UI should load and the page should open without errors.

If the page does not load, review Event Viewer > Windows Logs > Application for IIS / ASP.NET Core hosting errors.

Verifying Delinea Credentials Cache in Apache Tomcat

To ensure that your application configured in Apache Tomcat uses Delinea Credentials Cache, you need to check the logs. The procedure below provides an example of verifying that a Student JPA application configured in Apache Tomcat uses Delinea Credentials Cache.

  1. Open the Command Prompt window and navigate to the folder containing the utility.jar file.

  2. Run the SetUpUtility.jar file to set the Delinea JDBC Proxy Driver.

  3. Enter the details of Secret Server, the username of the Secret Server application account, and the password of the application account.

  4. Enter the path of the application's lib folder.

  5. Specify whether to use Delinea Credentials Cache:

    • To confirm the use of Delinea Credentials Cache, enter y at a command prompt.

    • To specify that the application configured on Apache Tomcat will not use Delinea Credentials Cache, enter n.

  6. On your computer, open the Delinea Credentials Cache folder.

  7. In the folder, open the appsettings.json file and set CredentialCacheExpirationMinutes (the cache expiration period) to 10.

  8. On your computer, open the folder where Apache Tomcat is configured.

  9. Open the DelineaDriver.properties file.

  10. Check that the useDelineaCache=y parameter is set in the DelineaDriver.properties file.

  11. Open the application configured in Apache Tomcat.

  12. Enter the value for the book parameter or student parameter.

  13. Check in the Apache Tomcat logs that the connection is made through Delinea Credentials Cache.

Verifying Delinea Credentials Cache in WebSphere

  1. In WebSphere, set up the Student JPA application and provide the example settings shown in the screenshot below in the persistent.xml file.

  2. Open the DelineaDriver.properties file.

  3. Check that the useDelineaCache=y parameter is set in the DelineaDriver.properties file.

  4. Open the Student JPA application configured in WebSphere.

  5. Enter the value for the book or student parameter.

  6. Check in the WebSphere logs that the connection is made through Delinea Credentials Cache.

Verifying Delinea Credentials Cache with MID Server Integrations

When using a MID Server (such as a ServiceNow MID Server) with Delinea Platform or Secret Server, credentials can be retrieved through the Delinea Credential Cache.

To verify that the Credential Cache is functioning correctly in a MID Server integration:

  1. Confirm that the MID Server is configured with a Delinea Credential Resolver (for either Secret Server or Delinea Platform).

  2. Confirm that the MID Server is configured with Delinea credential cache. Follow this link to see how to enable Delinea Credential Cache.

  3. In your integration platform, run a test credential retrieval or connection test.

    • If the connection is successful and no direct credential prompt occurs, the MID Server is retrieving credentials from the configured cache.

  4. In Secret Server or the Delinea Platform, review the wrapper.log file of the MID Server to confirm that the MID Server host has requested credentials through the cache.

  5. If the credential request does not appear in the wrapper.log file logs, review the MID Server configuration to ensure caching is enabled.

Verifying Event Pipeline-Based Secret Updates

After implementing Event Pipeline-based secret updates, you can verify that the integration is working correctly using the following methods.

Verifying Event Pipeline Execution in Windows

Method 1: Check Event Pipeline Activity

  1. Log in to Secret Server or Delinea Platform.

  2. Navigate to Admin > Settings > Event Pipelines.

  3. Click the Activity tab.

  4. Verify the following details for your pipeline execution:

    • Run ID: Unique identifier for the pipeline execution

    • Status: Should display "Success" for successful executions

    • Triggered by: Shows which user or event triggered the pipeline

    • Timestamp: Confirms the execution time matches your password change

If the status shows "Success" and the timestamp is recent, the Event Pipeline is functioning correctly.

Method 2: Check Distributed Engine Logs

For detailed verification, review the log files on the Distributed Engine where Credentials Cache is installed.

  1. Navigate to the Distributed Engine server.

  2. Go to the log path configured in the appsettings.json file (typically the path specified in the LogPath parameter).

  3. Open the most recent log file.

  4. Look for the following success indicators:

    • "Successfully retrieved the credential for [SecretID]"

    • "Updating cache"

    • "Saving credential cache to file"

These log entries confirm that the Credentials Cache successfully received and processed the secret update from the Event Pipeline.

Note: If you don't see these log entries, verify that EnableLogging is set to true in your appsettings.json file.

Verifying Event Pipeline Execution in Linux

As with Windows deployments, there is no direct method to view cached credentials on Linux. Verification relies on reviewing application and proxy server logs after enabling logging in the appsettings.json file.

For Linux environments where Credentials Cache is deployed:

Method 1: Check Event Pipeline Activity

Follow the same steps as described in the Windows verification section to check the Event Pipeline activity in Secret Server or Delinea Platform.

Method 2: Check Apache Tomcat Logs

  1. Navigate to the log directory for your Apache Tomcat installation:

    • For Red Hat Enterprise Linux: /var/log/httpd/

    • For Ubuntu Linux: /var/log/apache2/

  2. Check the following log files for Credentials Cache activity:

    sudo tail -f /var/log/apache2/error.log

    Or for Red Hat:

    sudo tail -f /var/log/httpd/error_log

  3. Look for entries related to credential cache updates and secret synchronization.

  4. For application-specific logs, check the Credentials Cache service logs in the directory where you published the application.

Note: The specific log verification steps for Linux environments may vary depending on your Apache Tomcat configuration and the location where Credentials Cache was published.