Resetting the secroot Account Password

The Cryptographic Security Platform Vault webGUI has a default Cryptographic Security Platform Vault-managed user account called secroot. If you do not remember the credentials of any Cryptographic Security Platform Vault user account with Security Administrator privilege, or if you are locked out of the Cryptographic Security Platform Vault webGUI, you can reset the secroot credentials with a temporary password. You can reset the password using one of the following methods: 

  • Generate random password and send it via email to secroot—Use this option to generate a random temporary password for the secroot user and securely send it to their email account that is registered in Cryptographic Security Platform Vault. The secroot user must have an email account configured in the Cryptographic Security Platform Vault webGUI and have access to email. We recommend that you use this option if secroot has email configured and has access to email.
  • Enter new temporary password for secroot—Use this option to enter a temporary password. You can either pass it to the secroot user outside of Cryptographic Security Platform Vault, or email it to the secroot user directly from Cryptographic Security Platform Vault.

Note: If you have Two-Factor Authentication enabled configured for secroot, you will be provided an option to optionally reset the secroot user's Two-Factor Authentication state/secret.

Procedure 

  1. Log into the Cryptographic Security Platform Vault VM console as htadmin .

    Cryptographic Security Platform Vault displays the Entrust Cryptographic Security Platform Vault System Console TUI (Text-based User Interface).

  2. Select Manage Accounts.

  3. In the Manage Accounts page, select secroot (Cryptographic Security Platform Vault webGUI default account).

  4. On the Cryptographic Security Platform Vault - Reset secroot Account page, choose the option that you want and complete the following: 

    • To use Cryptographic Security Platform Vault to generate a random password and send it to the secroot user:

      1. Select Generate random password and send it via email to secroot.
      2. On the Generate random password and send it via email to secroot page, optionally choose Reset Two-Factor Authentication.
      3. Select OK.

      The secroot user will receive an email with the temporary password. When they log into the Cryptographic Security Platform Vault webGUI with the temporary password, they are immediately prompted to update the password.

    • To enter your own temporary password for secroot:

      1. Select Enter new temporary password for secroot.

      2. On the Enter new temporary password for secroot page, optionally choose Reset Two-Factor Authentication and Send Temporary password to secroot via email.

        Note: If you choose to email the temporary password, the secroot user must have an email account configured in the Cryptographic Security Platform Vault webGUI and have access to emails.

      3. Select OK.
      4. Enter and confirm the temporary password.
      5. Select OK.

      6. On the confirmation screen, select OK.

      When the secroot user receives the temporary password and logs into the Cryptographic Security Platform Vault webGUI, they are immediately prompted to update the password.