Reference Guide
...
Password Vault
Shared Accounts Password Manag...
SAPM SSH Key Rotation
Even though the passwords for the privileged accounts are changed, rotated, or stored by the SAPM module, users who have downloaded RSA Private Keys for their accounts continue logging in to the systems with these private keys. To prevent this, SSH Keys can be changed by the SAPM module periodically as well. To add an SSH key to SAPM:
- Navigate to SAPM Management > SAPM Management.
- Open the SAPM Accounts tab.
- Enter the Host, Change Period, and Username.
- Select One of the SSH Key Types as the Configuration. This action changes the Password field to an RSA Private Key field.
- Establish an SSH connection to the target device and copy the contents of the /home//.ssh/id_rsa file (or any other path that includes the RSA Private Key for the user)
- Paste the file into the RSA Private Key field.
- Click Save.
- Confirm the pop-up dialog box.
SSH Key defining in the SAPM Accounts page

The SAPM account will be saved and listed in the SAPM Accounts section. From this moment on, if the account type is dynamic, the SSH Key will be changed periodically. If the account type is static, the SSH Key will be unchanged.
The process of checking out and resetting the SSH Key is similar to any other SAPM account.