RSA DB Import / Export Command available?
beside our RSA AM 8.4 p14 PROD environment, we've got another one separated from PROD (the two Primary servers aren't able to "see" each other as there's dedicated networks). We like to have a possibility to export Tokens, Users and Token Assignments from PROD environment and to import that data to the second (QA) environment. Preferably by cron Job / command line. Til now, I wasn't able to find anything able to do that job.
And yes, I do know the manual export / import function and so backup & restore. We'd like to have it the automated way though and the database export / import will do the trick, in case we can automate it.
Thanks in advance - cheers,
- Auth Manager
- Authentication Manager
- Community Thread
- export-import users&tokens from internal database
- Forum Thread
- RSA Authentication Manager
- RSA SecurID
- RSA SecurID Access
The admin API has the same functionality you can use in the Security Console for export/import users and tokens, so you could write your own code to do this using these classes
Class Summary Class Description DownloadExportPkgCommandDownload the exported tokens (or users with their tokens) to a file on the client machine. ExportIdentitySourceInfoDTOThin DTO object to hold information about identity sources. ExportInfoDTOContains information about a successful tokens and users export, such as the export file name, number of tokens and (optionally) number of users exported. GenerateSecureExportPkgCommandGenerates a Security Package used to export tokens to a file that is securely encrypted. ImportInfoDTOContains information about tokens (and optionally users) collected during the import process. PreImportInfoDTOContains information required for user input, prior to performing an Import. VerifyImportFileAndFetchPreImportDataCommandVerifies the integrity of the import file and fetches the data required prior to performing an actual import.
As Ed indicates, trying to do anything direct with postgres sql would be risky because it's not supported, but the Admin API is supported and could be used to do something, which could then possibly be scheduled in cron.
Possible variation on this might be a VMware replica in Production, which would be isolated from the agents as a kind of real-time backup of the primary. Then you could clone it, deploy in QA and promote.