Many prospects have asked for the ability to recover/dump registered credentials in PAM so they can keep working outside the framework if something goes wrong with it. They fear to get locked out of their systems should something goes wrong with PAM and they cannot fix it in a timely manner. Having that ability they could temporarily park PAM and fix whatever issue it may have while having direct access to their production systems with the recovered credentials.

What do you reckon?


  • So will the requirement be like PAM having the ability to export all the Credential Vault objects in clear text, say to a file. And this info would be server IP/DNS address of the servers and account name/password/key configured in PAM?
    Also is this what is termed as "Break Glass feature" in PAM world?

  • That's correct Rajesh, that's the idea.