How To: Retrieve credentials from Osirium PAM

Modified on Fri, 26 Jan at 5:00 PM


If you are required to replace Osirium PAM, there is key information such as account credentials, session recordings etc that you may wish to extract from the PAM Server before it is decommissioned.

This article provides instructions on how to retrieve credentials for all Known, Managed and control accounts from the PAM Server and export them in a KeePass file. For a full list of recommended offboarding tasks see Offboarding Data from Osirium PAM.

Applicable Versions




User MUST have an Osirium PAM role of Owner to carry out this task. 

To retrieve credentials for all Known, Managed and control accounts from Osirium PAM:

  1. Within the Admin Interface click Accounts in the left-hand menu.
  2. On the Manage accounts page, click on the GENERATE BREAKGLASS button. 
  3. Within the Generate breakglass window, enter the required details:
    My passwordYour Osirium PAM logon password.
    KeePass passwordThe password that will be used to encrypt the breakglass file.
    NOTE If a password policy has been configured then this password must conform to the policy settings. See PAM Server local password policy.
    KeePass password againConfirm the above.
  4. Click GENERATE.  
  5. Within the Question window, click YES once you have confirmed the file has been downloaded.  Depending on your setup, the file will be downloaded as follows: 
    • If your Admin Interface is NOT being recorded and depending on how your browser is set up, the file will either be downloaded or you will be prompted to select a location to save the file. 
    • If your Admin Interface is being recorded, then you will need to use the Shared Drive to download the file. Click here for more information.
  6. On your workstation, find the location of the downloaded Backup file and extract it to a suitable location. You will see the breakglass.kdbx file listed.  To view the .kdbx file you will need a Keepass Password Safe application
  7. Open the .kdbx file within your Keepass Password Safe application.
  8. Enter the Backup breakglass passphrase configured in the Admin Interface.
  9. Within the KeePass Password Safe window, select the device in the left-hand menu that you want to reveal the password for.
  10. In the right-hand window, select the account, right-click, and select Copy Password from the menu.
  11. The password copied from the KeePass breakglass file is copied to you local clipboard and available to be pasted.

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article