
PAM Account

Learn how to create and manage accounts in PAM to control access to resources like databases and servers.

An Account contains the credentials (such as a username and password) used to connect to a Resource.

Relationship to Resources

Accounts belong to Resources. A single Resource can have multiple Accounts associated with it, each with different permission levels.

For example, your database would normally have multiple accounts. You might have a superuser account for admins, a standard read/write account for applications, and a read-only account for reporting.

In PAM, these are represented as:

  • Resource: production-database (PostgreSQL)
    • Account 1: postgres (Superuser)
    • Account 2: app-user (Read/Write)
    • Account 3: analytics (Read-only)

Access in PAM is always to a specific Account on a Resource. Users navigate to a resource, then select an account within it to gain access.
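On the PostgreSQL side, the three permission levels in the example above could be provisioned as follows before the accounts are registered in PAM. This is an added example, not taken from the Hanzo KMS documentation; the database name `appdb`, the `public` schema and the placeholder passwords are assumptions.

```sql
-- Added example. Assumptions (not from the page): database "appdb",
-- schema "public", placeholder passwords. Run as the postgres superuser
-- (Account 1), which already exists on a default installation.

-- Account 2: read/write application account.
-- The hyphen in the name requires a quoted identifier everywhere it is used.
CREATE ROLE "app-user" LOGIN PASSWORD 'REPLACE_ME_APP'
    NOSUPERUSER NOCREATEDB NOCREATEROLE;

-- Account 3: read-only reporting account.
CREATE ROLE analytics LOGIN PASSWORD 'REPLACE_ME_ANALYTICS'
    NOSUPERUSER NOCREATEDB NOCREATEROLE;

-- Drop the implicit PUBLIC grants so every privilege is explicit per role.
REVOKE ALL ON DATABASE appdb FROM PUBLIC;
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

GRANT CONNECT ON DATABASE appdb TO "app-user", analytics;
GRANT USAGE ON SCHEMA public TO "app-user", analytics;

-- Read/write: DML on existing tables and sequences, no DDL.
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO "app-user";
GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO "app-user";

-- Read-only: SELECT and nothing else.
GRANT SELECT ON ALL TABLES IN SCHEMA public TO analytics;

-- Apply the same split to tables that postgres creates later in this schema.
ALTER DEFAULT PRIVILEGES FOR ROLE postgres IN SCHEMA public
    GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO "app-user";
ALTER DEFAULT PRIVILEGES FOR ROLE postgres IN SCHEMA public
    GRANT USAGE, SELECT ON SEQUENCES TO "app-user";
ALTER DEFAULT PRIVILEGES FOR ROLE postgres IN SCHEMA public
    GRANT SELECT ON TABLES TO analytics;

-- Guard rail only: a session can override this setting, so the grants
-- above remain the actual enforcement for the reporting account.
ALTER ROLE analytics SET default_transaction_read_only = on;

-- Verify the result: role attributes, then table privileges per account.
SELECT rolname, rolsuper, rolcreatedb, rolcreaterole
FROM pg_roles
WHERE rolname IN ('postgres', 'app-user', 'analytics');

SELECT grantee, privilege_type, count(*) AS tables
FROM information_schema.role_table_grants
WHERE grantee IN ('app-user', 'analytics') AND table_schema = 'public'
GROUP BY grantee, privilege_type
ORDER BY grantee, privilege_type;
```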

Creating an Account

Prerequisite: You must have at least one Resource created before adding accounts.

To add an account, navigate to the Resources tab in your PAM project, click into the resource you want to add an account to, and then click Add Account.


Provide the credentials (username, password, etc.) for this account. The required fields vary depending on the resource type. For example, for a Linux server, you would enter the username and the corresponding password or SSH key.


Clicking Create Account will trigger a validation check. Hanzo KMS will attempt to connect to the resource using the provided credentials to verify they are valid.

Automated Credential Rotation

Hanzo KMS supports automated credential rotation for some accounts on select resources, allowing you to automatically change passwords at set intervals to enhance security.

To learn more about how to configure this, please refer to the Credential Rotation guide.
