by 'application id' do you mean user login passwords for users to access the application, or service accounts stored in the application, or something else?
specifically, what bsa 'application ids' are you looking to put under this management?
We are not talking about the user login/passwords for access to the application console. We are talking about the application accounts used when deploying the packages throughout the server environment. The Bladelogic agents run as root and when packages are deployed, the first action is to switch user to the application account that has access to update the application code on the servers. We have all lines of business running code deployments across our server environment and we have multiple application IDs used by Bladelogic. Let me know if you need more clarification.
ok, so the agent runs as root. are you doing a 'su' in the blpackage and then running whatever or are you mapping to the application account via the rscd user mapping?
in either case, you don't need to know the user's password. unless you've done something really restrictive su - user as root will not prompt for a password. and the user mapping via the rscd would not either.
Does ID Vault have some CLI (Command Line Interface) or query language through which you can retrieve the required information? If yes, you may use those commands in the Package or NSH Script (using nexec)?
The only need for ID vault integration is for the app itself to connect to the database. The appservers have been configured to use the schema owner id "bladelogic" to connect to the bltprd00_all database. Our Access Management remotes into the GUI we used during the install of the appserver software for entering the user id/password combination.
So that the appserver gets the password for this id (bladelogic) from ID Vault, the appserver has to be compatible with it.
ok, i'm confused. because you said:
"The Bladelogic agents run as root and when packages are deployed, the first action is to switch user to the application account that has access to update the application code on the servers"
-> that has nothing to do w/ the bladelogic db user account.
"The only need for ID vault integration is for the app itself to connect to the database."
"the app itself" => bladelogic ?
"Our Access Management remotes into the GUI we used during the install of the appserver software for entering the user id/password combination."
-> so you need the password provided at install time only or whenever the password is changed? currently the password is stored in the global.properties file on the appserver's file system.
right now there is no way for bsa to pull the bladelogic db user password from a 3rd party system. if you have an API to hit your vault system you could probably write something that would periodically query, get it in plain text and use blasadmin to update the appserver configuration w/ the new password.