MySQL Account Secret Template for RPC

Overview

This document briefly discusses using Secret Server Remote Password Changing (RPC) for MySQL Accounts. With Remote Password Changing (RPC), secrets can automatically change remote account passwords when a secret expires, either immediately or on a defined schedule. In addition, the new passwords’ strengths and other qualities are completely configurable. See the Password Changer List for a complete list of available password changers.

MySQL is a widely-used open-source relational database management system (RDBMS) known for its speed, reliability, and ease of use. It is a central component of the LAMP web application software stack, along with Linux, Apache, and PHP/Perl/Python.

To configure secret templates for MySQL, see RPC on SQL Server Accounts.

Distributed Engine Considerations

For MySQL RPC to work, a MySQL connector is required on the distributed engine (DE), and the MySQL.data.dll file needs to be added to the DE files. See Distributed Engine Overview for details.

When DEs auto update, they remove the MySQL, Oracle, and other DLLs that were manually placed there. To forestall this, we recommend creating an ignore file for DE upgrades.

How to Create an Ignore File for Distributed Engine Upgrades

Create and configure an ignore file for Distributed Engine upgrades so that the Distributed Engine ignores specific DLLs and does not replace them during upgrades.

1. Open a text editor like Notepad or Notepad++.

2. In the content of the file, add the filename of any DLLs that you'd like to ignore during upgrades. If there is more than one file, add each additional filename on a new line.

3. Save this file to the data folder on the Distributed Engine machine. By default, it is: C:\Program Files\Thycotic Software Ltd\Distributed Engine\data.

  • Filename must be "ignore" without quotes.

  • Uncheck "Append Extension" as this file must not contain an extension.

4. Once complete, any further upgrades will ignore any file listed in the ignore file.

Additionally, see the video demo for details.
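The steps above can also be scripted. The following PowerShell is an added example, not vendor code: it writes the "ignore" file and then reports the version and SHA-256 of each listed DLL, because files listed there are skipped by upgrades and are worth tracking separately. The function names and the location of the DLLs (the engine folder, parent of the data folder) are assumptions.

```powershell
# Added example (not vendor code). Run elevated on the Distributed Engine machine.
# Assumptions: default paths from this page; DLLs sit in the engine folder (parent of data).
$EngineDir  = 'C:\Program Files\Thycotic Software Ltd\Distributed Engine'
$DataDir    = Join-Path $EngineDir 'data'
$IgnoreDlls = @('MySQL.data.dll')   # one filename per line in the ignore file

function Write-EngineIgnoreFile {
    param([Parameter(Mandatory)][string]$DataDir,
          [Parameter(Mandatory)][string[]]$FileNames)
    if (-not (Test-Path -LiteralPath $DataDir -PathType Container)) {
        throw "Data folder not found: $DataDir"
    }
    foreach ($name in $FileNames) {
        # Entries are bare filenames; refuse anything carrying a path.
        if ($name -ne [System.IO.Path]::GetFileName($name)) {
            throw "Not a bare filename: $name"
        }
    }
    $path = Join-Path $DataDir 'ignore'   # exactly "ignore", no extension
    $existing = @()
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $existing = @(Get-Content -LiteralPath $path | Where-Object { $_.Trim() })
    }
    # Keep entries already present, add the new ones, one per line.
    $merged = @(($existing + $FileNames) | Sort-Object -Unique)
    Set-Content -LiteralPath $path -Value $merged
    # A leftover such as ignore.txt (editor-appended extension) is not the file the steps describe.
    Get-ChildItem -LiteralPath $DataDir -File |
        Where-Object { $_.BaseName -eq 'ignore' -and $_.Extension } |
        ForEach-Object { Write-Warning "Stray file with extension: $($_.FullName)" }
    return $path
}

function Get-PinnedDllInventory {
    param([Parameter(Mandatory)][string]$EngineDir,
          [Parameter(Mandatory)][string[]]$FileNames)
    foreach ($name in $FileNames) {
        $dll = Join-Path $EngineDir $name
        if (Test-Path -LiteralPath $dll -PathType Leaf) {
            [pscustomobject]@{
                File    = $name
                Version = (Get-Item -LiteralPath $dll).VersionInfo.FileVersion
                SHA256  = (Get-FileHash -LiteralPath $dll -Algorithm SHA256).Hash
            }
        } else {
            Write-Warning "$name is listed but not found in $EngineDir"
        }
    }
}

$ignorePath = Write-EngineIgnoreFile -DataDir $DataDir -FileNames $IgnoreDlls
Get-PinnedDllInventory -EngineDir $EngineDir -FileNames (Get-Content -LiteralPath $ignorePath)
```

Re-running the inventory after each engine upgrade and comparing it with the previous output shows whether a listed DLL changed or went missing.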

Assigning a Password Changer to a Secret Template

After completing the RPC setup, you can manage the built-in secret templates. Each secret template is specific to an application and is preconfigured with the password changer best suited to it. For the MySQL Account, we want the MySQL Account template.

You can view and modify secret templates in the Secret Server administration panel. See Creating or Editing Secret Templates for more on the available options. Ensure that the secret template is in active status. See Activating and Deactivating Templates for details.

To navigate to a MySQL Account secret template:

  1. Go to Administration > Secret Server. The Secrets Administration page is displayed.

  2. In the Core Actions section, click Secret Templates. The list of available templates is displayed.

  3. Select a MySQL Account secret template and then click the Mapping tab.

You can check which secret template conforms to the selected RPC. The screenshot below shows that the MySQL Account RPC conforms to the identically titled secret template. It is possible to assign several password changers to one secret template. For more information, see Assigning a Password Changer to a Secret Template.

Secret templates determine the fields, launchers, and the remote password changer for secrets. To use the MySQL Account template on a secret, see Managing Secrets documentation.