Rotate Credentials for Bomgar Vault and Other Systems

Credential rotation is an essential part of making sure your organization stays secure. Bomgar Vault allows you to rotate credentials via two different methods.

  • Automated Rotation: During the credential creation process, you can configure credentials to automatically rotate or to change at certain intervals or after certain events, such as a check in. To learn more about configuring credentials for automated rotation, please see Add Credentials in Bomgar Vault.
  • Force Change: This allows a user to manually force the system to rotate a credential on demand, without waiting for a configured time interval or event to trigger automatic rotation."

This section discusses how to force change credentials.

Force Change Credentials

The Credentials menu found in the header navigation, allowing you to access Credentials, Credential Policies, and Application Credentials.

To force a credential to rotate, follow the steps below.

  1. Go to Credentials > Credentials.
  2. From the Credentials grid, locate the credential you wish to rotate.

    The Rotate icon found in the Credentials grid on the Credentials page.

  4. Click on the Rotate icon.

    The On Demand Rotation prompt that allows you to choose how you would like to rotate a credential.

  6. When the on demand rotation prompt appears, select whether you wish to rotate the credential in Bomgar Vault and for all areas where the credential is used or only in Bomgar Vault.

    The Forced Change page showing credential information.

  8. On the Forced Change page, enter a new password as well as the reason for changing the password.
  9. When finished, click Accept. The credential is then rotated. Be aware rotation may take a few minutes to complete.


SSH Considerations

Since SSH commonly uses a private key and passphrase, these credentials have additional items to consider.

The Forced Change page displaying the Upload option for SSH keys.

  • Rotation: For SSH-affiliated credentials, you can upload a new private key and enter in a new passphrase instead of entering in a new password on the Forced Changed page.

    The Forced Change page displaying the Generate option for SSH keys.

  • Key Generation: For SSH-affiliated credentials, you can choose to generate a new private key by selecting the Generate option on the Forced Changed page.