Adding vault entry via REST API in 3.6

We have successfully used /rest/prvcrdvlt/Vault to add vault entries using the REST API with PAM 3.2 and 3.5. However, with 3.6, we are seeing some odd behavior. First, the "PUT /rest/prvcrdvlt/Vault" succeeds. However, when visiting https://<pam>/pam->Credential Vault, we are seeing the following:

clipboard_image_2.png

This is expected after adding the vault entry. However, when we then click on this icon, we see:

clipboard_image_3.png

Note only 6 entries appear. So, why does the overview indicate 7 vault entries? This was not the case with PAM 3.3/3.5.

We are passing the following to the PUT request:

{
  "Vault": {
    "CFG": {
      "SSH": {
        "host": "test-server",
        "port": "22"
      }
    },
    "type": "ssh",
    "name": "test-server",
    "ACL": {
      "Role": {
      }
    }
  }
}
  • Verified Answer

    We modified the PUT request to add "profile": "101" and our vault entry is now visible in the credential vault. This was not necessary with PAM 3.2/3.5 so either this is a bug or a new requirement. The "profile" attribute is not documented in the REST API PDF guide.

    {
      "Vault": {
        "CFG": {
          "SSH": {
            "host": "test-server",
            "port": "22"
          }
        },
        "type": "ssh",
        "name": "test-server",
        "profile": "101",
        "ACL": {
          "Role": {
          }
        }
      }
    }  

     

  • Yes, this is correct. I have provided this feedback to the Engineering team so that the doc can be corrected. Profile id is necessary for the UI to render the resources. It is something that was added since 3.2 and has not been appropriately documented.