Command Line Arguments

The following command line arguments are supported by Verify Privilege Vault Remote during installation only. They should not be used after installation to start the Verify Privilege Vault Remote.

  • -disablelocalvault
  • -logo
  • -logocollapsed
  • -ssauth

    The -ssauth option supports three values: local, external and web. For internal authentication types, use web.

  • -ssname
  • -ssurl
  • -reauthenticate

    The -reauthenticate option supports the following two values: y and n

Use doubled double quotes ("") around values inside the KEYS parameter, because the value of the KEYS parameter is itself quoted.
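One way to assemble the KEYS value so that the quoting rule and the supported option names are enforced before a package is rolled out. This is an added example, not vendor code; `build_keys` and its option tables are hypothetical names built from the arguments and values listed on this page.

```python
# Added example: build the MSI KEYS property from validated options.
ENUM_VALUES = {                      # values listed on this page
    "-ssauth": {"local", "external", "web"},
    "-reauthenticate": {"y", "n"},
}
TEXT_OPTIONS = {"-ssurl", "-ssname", "-logo", "-logocollapsed"}
FLAG_OPTIONS = {"-disablelocalvault"}


def build_keys(options):
    """Return the KEYS="..." token for a list of (option, value) pairs.

    Free-text values are wrapped in doubled quotes ("") because the whole
    KEYS value is itself enclosed in double quotes.
    """
    parts = []
    for name, value in options:
        if name in FLAG_OPTIONS:
            if value is not None:
                raise ValueError(f"{name} takes no value")
            parts.append(name)
        elif name in ENUM_VALUES:
            if value not in ENUM_VALUES[name]:
                allowed = ", ".join(sorted(ENUM_VALUES[name]))
                raise ValueError(f"{name} must be one of: {allowed}")
            parts.append(f"{name} {value}")
        elif name in TEXT_OPTIONS:
            # Reject empty values, embedded quotes and stray padding.
            if not value or '"' in value or value != value.strip():
                raise ValueError(f"bad value for {name}: {value!r}")
            parts.append(f'{name} ""{value}""')
        else:
            raise ValueError(f"unsupported option: {name}")
    return 'KEYS="' + " ".join(parts) + '"'
```
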

/quiet mode installation works only with Administrative privileges. If a user without administrator privileges runs the MSI with /quiet mode, nothing happens. If you would like to install the latest version of Verify Privilege Vault Remote via quiet mode installation, you must first remove the previous version before installing the new one.

When installing Verify Privilege Vault Remote via command line options to set the Verify Privilege Vault URL, these options will only be applied to the first user who logs in to Verify Privilege Vault Remote. If you would like to make them the default options, you can use the following workarounds:

  1. Prior to their initial login, new users need to run Verify Privilege Vault Remote from the command line with the arguments -ssurl "your ss url" -ssname "your ss name" -ssauth "your auth type"

  2. Prior to their initial login, each user admin should create a file in path C:\ProgramData\Delinea\Connection Manager\repository.dat with the following content:

[
  {
    "$type": "Delinea.ConnectionManager.Common.Models.SecretServerRepository, Delinea.ConnectionManager.Common",
    "Url": "Your SS url",
    "PlatformUrl": null,
    "UserName": null,
    "Password": null,
    "Domain": null,
    "AuthType": "Local",
    "TwoFactorAuthType": "None",
    "PinCode": null,
    "StoreCredentialsInLocalStorage": false,
    "SecretTempletes": null,
    "LoadAllTemplates": true,
    "Token": null,
    "PlatformToken": null,
    "ConnectionManagerSettings": null,
    "Id": null,
    "Name": "your SS name",
    "Type": "SecretServer",
    "IsAutoload": false
  }
]

If your command line parameter includes any spaces or parentheses, be sure to place quotation marks around the MSI file. For example:

"C:\Users\MyUser\Downloads\IBMSecurityVerify.PrivilegeVaultRemote\IBMSecurityVerify.PrivilegeVaultRemote2.5.0.WindowsInstaller.msi" /quiet RUNCM=runCM

Changing the Installation Path

Users can change the Verify Privilege Vault Remote installation path by inserting the INSTALLFOLDER variable during installation as shown in the example below:

Example for Windows

IBMSecurityVerify.PrivilegeVaultRemote.msi.2.6.0.WindowsInstaller.msi /quiet RUNCM=runCM INSTALLFOLDER="C:\work"

Pre-Configuring Vault Connections on Install

Administrators can pre-configure IBM Security vault connections so that users do not have to create connections themselves when opening Verify Privilege Vault Remote for the first time. These connections can be pre-configured in the .DAT file:

[
  {
    "$type": "Delinea.ConnectionManager.Common.Models.SecretServerRepository, Delinea.ConnectionManager.Common",
    "Url": "https://yourfirstvaulturl.com",
    "PlatformUrl": null,
    "UserName": null,
    "Password": null,
    "Domain": null,
    "AuthType": "Local",
    "TwoFactorAuthType": "None",
    "PinCode": null,
    "StoreCredentialsInLocalStorage": false,
    "SecretTempletes": null,
    "LoadAllTemplates": true,
    "Token": null,
    "PlatformToken": null,
    "ConnectionManagerSettings": null,
    "Id": null,
    "Name": "First Vault",
    "Type": "SecretServer",
    "IsAutoload": false
  },
  {
    "$type": "Delinea.ConnectionManager.Common.Models.SecretServerRepository, Delinea.ConnectionManager.Common",
    "Url": "https://yoursecondvaulturl.com",
    "PlatformUrl": null,
    "UserName": null,
    "Password": null,
    "Domain": null,
    "AuthType": "Local",
    "TwoFactorAuthType": "None",
    "PinCode": null,
    "StoreCredentialsInLocalStorage": false,
    "SecretTempletes": null,
    "LoadAllTemplates": true,
    "Token": null,
    "PlatformToken": null,
    "ConnectionManagerSettings": null,
    "Id": null,
    "Name": "Second Vault",
    "Type": "SecretServer",
    "IsAutoload": false
  }
]
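A pre-deployment check for a repository.dat file such as the ones shown above, covering both the single-connection and the multi-connection form. This is an added example, not vendor code; `lint_repository` is a hypothetical name, and the rules it applies (https URLs only, credential fields left null as in the page's templates) are an assumed deployment policy for a file placed under C:\ProgramData.

```python
import json
from urllib.parse import urlsplit

EXPECTED_TYPE = ("Delinea.ConnectionManager.Common.Models."
                 "SecretServerRepository, Delinea.ConnectionManager.Common")
# Assumed policy: no per-user secrets in a machine-wide file.
MUST_BE_NULL = ("UserName", "Password", "PinCode", "Token", "PlatformToken")

def _is_https(url):
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    return parts.scheme == "https" and bool(parts.hostname)

def lint_repository(text):
    """Return a list of findings for the text of a repository.dat file."""
    try:
        entries = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(entries, list):
        return ["top level must be a JSON array of connections"]
    findings = []
    for i, entry in enumerate(entries):
        if not isinstance(entry, dict):
            findings.append(f"entry {i}: not a JSON object")
            continue
        if entry.get("$type") != EXPECTED_TYPE:
            findings.append(f"entry {i}: unexpected $type")
        url = entry.get("Url")
        if not isinstance(url, str) or url != url.strip():
            findings.append(f"entry {i}: Url missing or padded with spaces")
        elif not _is_https(url):
            findings.append(f"entry {i}: Url is not an https URL")
        for field in MUST_BE_NULL:
            if entry.get(field) is not None:
                findings.append(f"entry {i}: {field} must be null")
        if entry.get("StoreCredentialsInLocalStorage") is not False:
            findings.append(f"entry {i}: StoreCredentialsInLocalStorage not false")
    return findings

# Constructed sample: entry 0 follows the template, entry 1 breaks the policy.
SAMPLE = json.dumps([
    {"$type": EXPECTED_TYPE, "Url": "https://vault.example.com/ss",
     "Password": None, "StoreCredentialsInLocalStorage": False},
    {"$type": EXPECTED_TYPE, "Url": "http://vault.example.com/ss",
     "Password": "hunter2", "StoreCredentialsInLocalStorage": True},
])
```

An empty list from `lint_repository` means the file passed every check; the placeholder value "Your SS url" from the template is reported as a non-https URL until it is replaced.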

Disabling Local Vault on Installation

Use this argument to disable the local vault on installation:

-disablelocalvault

Example for Windows

IBMSecurityVerify.PrivilegeVaultRemote.msi /quiet RUNCM=runCM KEYS="-disablelocalvault "

Example for MacOS

sudo installer -pkg ~/Downloads/IBM.pkg -target / && open /Applications/IBMSecurity/IBM\ Security\ Verify\ Privilege\ Vault\ Remote.app --args -disablelocalvault

Enabling/Disabling Auto Reauthenticate

This feature provides the option to configure vault reauthentication behavior in Verify Privilege Vault Remote. Users may keep the existing behavior that automatically restarts the authentication flow or force a fresh login when their vault session/refresh tokens have expired--mimicking the existing web API behavior.

The default value is -reauthenticate y. If the value is set to -reauthenticate n, the behavior will be more similar to the web API which forces a fresh login. The -reauthenticate n option is beneficial for users who use SAML configuration through an external identity provider with a longer session/refresh length and enables audit logs to correctly generate upon logout.

Use this argument to disable auto reauthenticate on installation:

-reauthenticate n

Example

IBMSecurityVerify.PrivilegeVaultRemote.msi /quiet RUNCM=runCM KEYS="-ssurl ""https://secretserver.example.com/ss"" -ssname ""new server"" -reauthenticate n"

Specifying Custom Logo Images to Copy to the Proper Location

The paths to the custom logo files, on Windows, are as follows:

  • C:\ProgramData\IBMSecurity\IBM Security Verify Privilege Vault Remote\Resources\logo.png

  • C:\ProgramData\IBMSecurity\IBM Security Verify Privilege Vault Remote\logo_collapsed.png

Use these arguments to specify custom logo images to be copied to the proper location:

-logo, -logocollapsed

Example for Windows

IBMSecurityVerify.PrivilegeVaultRemote.msi /quiet RUNCM=runCM KEYS="-logo ""/Library/Application Support/IBMSecurity\IBM Security Verify Privilege Vault Remote/Resources2/logo.png"" -logocollapsed ""/Library/Application Support/IBMSecurity\IBM Security Verify Privilege Vault Remote/Resources2/logo_collapsed.png"""

Example for MacOS

sudo installer -pkg ~/Downloads/IBM.pkg -target / && open /Applications/IBMSecurity/IBM\ Security\ Verify\ Privilege\ Vault\ Remote.app --args -logo (path to logo file) -logocollapsed (path to collapsed logo file)

Example PowerShell Command Line

.\IBMSecurityVerify.PrivilegeVaultRemote.msi /quiet RUNCM=runCM KEYS='"-logo ""/Library/Application Support/IBMSecurity\IBM Security Verify Privilege Vault Remote/Resources2/logo.png"" -logocollapsed ""/Library/Application Support/IBMSecurity\IBM Security Verify Privilege Vault Remote/Resources2/logo_collapsed.png"""'

The path to the custom logo files, on a Mac, is as follows:

  • Users/Shared/Application Support/IBMSecurity/IBM Security Verify Privilege Vault Remote

Two files are necessary to use custom logos:

  • Logo.png - 50 x 250 pixels
  • Logo_collapsed.png - 50 x 100 pixels


Pre-Creating a Verify Privilege Vault Connection

Use these arguments to pre-create a Verify Privilege Vault local or web connection on installation:

-ssurl, -ssname, -ssauth

External Browser Connection

Example for Windows

IBMSecurityVerify.PrivilegeVaultRemote.msi /quiet RUNCM=runCM KEYS="-ssurl ""https://secretserver.example.com/ss"" -ssname ""new server"" -ssauth external"

Example for MacOS

sudo installer -pkg ~/Downloads/IBM.pkg -target / && open /Applications/IBMSecurity/IBM\ Security\ Verify\ Privilege\ Vault\ Remote.app --args -ssurl "https://secretserver.example.com/ss" -ssname "new" -ssauth "external"

Example PowerShell Command Line

.\IBMSecurityVerify.PrivilegeVaultRemote.msi /quiet RUNCM=runCM KEYS='"-ssurl https://secretserver.example.com/ss -ssname ""new server"" -ssauth external"'

Local Connection

Example for Windows

IBMSecurityVerify.PrivilegeVaultRemote.msi /quiet RUNCM=runCM KEYS="-ssurl ""https://secretserver.example.com/ss"" -ssname ""new server"" -ssauth local"

Example for MacOS

sudo installer -pkg ~/Downloads/IBM.pkg -target / && open /Applications/IBMSecurity/IBM\ Security\ Verify\ Privilege\ Vault\ Remote.app --args -ssurl "https://secretserver.example.com/ss" -ssname "new" -ssauth "local"

Example PowerShell Command Line

.\IBMSecurityVerify.PrivilegeVaultRemote.msi /quiet RUNCM=runCM KEYS='"-ssurl https://secretserver.example.com/ss -ssname ""new server"" -ssauth local"'

Internal Browser Connection

Example for Windows

IBMSecurityVerify.PrivilegeVaultRemote.msi /quiet RUNCM=runCM KEYS="-ssurl ""https://secretserver.example.com/ss"" -ssname ""new server"" -ssauth web"

Example for MacOS

sudo installer -pkg ~/Downloads/DelineaConnectionManager.pkg -target / && open /Applications/Delinea/Delinea\ Connection\ Manager.app --args -ssurl "https://secretserver.example.com/ss" -ssname "new" -ssauth "web"

sudo installer -pkg ~/Downloads/IBM.pkg -target / && open /Applications/IBMSecurity/IBM\ Security\ Verify\ Privilege\ Vault\ Remote.app --args -ssurl "https://secretserver.example.com/ss" -ssname "new" -ssauth "web"

Example PowerShell Command Line

.\IBMSecurityVerify.PrivilegeVaultRemote.msi /quiet RUNCM=runCM KEYS='"-ssurl https://secretserver.example.com/ss -ssname ""new server"" -ssauth web"'

Disabling Local Vault

Example PowerShell Command Line

.\IBMSecurityVerify.PrivilegeVaultRemote.msi /quiet RUNCM=runCM KEYS='"-disablelocalvault"'

Example for MacOS

sudo installer -pkg ~/Downloads/IBM.pkg -target / && open /Applications/IBMSecurity/IBM\ Security\ Verify\ Privilege\ Vault\ Remote.app --args -disablelocalvault