Break Glass Configuration

What is break glass configuration?

"Break glass configuration" in Cymmetri refers to a method of obtaining the list of username and passwords of vault users without resetting them. It involves setting up special user accounts that can be used in emergencies to generate an envelope of vault user credentials and send it as a email to the configured user.

For configuring the user(s) we need to select the user(s) from the dropdown as shown below and need to enter a password.

Sending the vault user credentials can be done in two ways:

  1. Configure a scheduler which sends the email at the configured date-time and mentioned frequency as shown below:

  2. Generate and send the envelope manually for All or specific user(s) as shown below:

The email sent to the configured user consists of a .csv file containing user details in encrypted format as shown here:

The User then needs to use a Utility called PassEnvelopeReader to decrpyt the encrypted data and view the list of usernames and password. This utility asks for a password at the beginning to be able to access and decrypt the user details.