Object Export (Export to CSV)

The record list Export option allows a System Administrator to export objects (vaults, folders or records) to a CSV file that can later be used as an Import into the same or a different PAM instance or location. Some common uses for this type of object level CSV Export / Import are:

Moving objects to a different PAM deployment such as Production to Staging / Test, regional deployment, or other examples.
Copying containers with child records between locations of the same PAM deployment. This is a good use case for geo-distributed departments or individual clients in an MSP-type deployment.
Migrating or consolidating multiple PAM objects into one instance or splitting a single instance into several regional or client-based setups.
Making an export of a customer’s vault by a managed service provider (MSP) which can later be used for importing into an independent PAM server in their network.
Creating hierarchy templates for multiple regional locations of MSP customers to use as a base for repeatable onboarding.
Moving data between personal vaults in the events of onboarding or offboarding of employees or move generic data out of a personal vault to shared vaults.
Making a copy of data from shared vaults to a developer’s personal vault for development and testing of PAM API integration scenarios.

The intent of this Export feature is to provide a System Administrator an option to export objects to a CSV file that can then be used to import to PAM. Each object’s values like Host, User, Password and others are encrypted by the user provided password so that the file itself does not contain these sensitive values in clear text.

To import this exported CSV file, the user will be required to provide the identical password that was used to encrypt the values during export. Failure to provide a password or providing the incorrect password will prevent the Import from being processed.

Considerations for CSV Object Export

Before you begin, please read the following considerations to determine if your requirements will be met by this feature.

Historical log data about the exported object(s) including, but not limited to, audit log events, change history, job history, session history and object metadata (ID, created by/date, modified by/date) are not exported. Imported objects are created as new objects in the destination location.
Linked objects will be created as new, non-linked objects after import.
Permission and Workflow configurations on the included object(s) are not exported.
Custom Record Type definitions are not exported. If a custom Record Type or Field is used by objects in the export, they must exist by the same name in the target instance prior to import for a successful result. The internal name of a field is used in the CSV file, not it’s Display Name.
Be aware of exported records that include Reference Records. The export file will contain the name of the Reference Records as a value, but it may not include the actual Reference Records depending on the user’s selection. Be sure to check the Import results to ensure the configured Reference Records was set properly.

Depending on the number of objects included in the Export, this operation can take several minutes or longer to complete. Please consider performing this operation during off-peak or low-peak times if you need to export > 1000 objects.

To Export a Parent Container to a CSV file:

Login to PAM with a System Administrator account. Only a System Administrator may create a CSV Export.
Navigate into the parent container, Vault or Folder, that you wish to Export.
Without selecting any objects, from this container’s Manage menu, choose the Export option.
When prompted, enter a password that will be used for encryption. Type it a second time to confirm your password.

Secure this export password in a safe location and do not share it with others unless required. If lost, you will not be able to recover this password from PAM nor the exported CSV file.
Click the Export button to begin the export process of all the objects located within this container.
When the Export is complete, the CSV file will be downloaded from your web browser. The CSV file will contain the parent folder from which the export was processed and all objects contained within this parent.

If a workflow binding has been applied to your account, then you must Request Export and be approved prior to having the option to perform an Export. The Workflow approval will only be applied to the container, and its child objects, from which the request was submitted. For example, if the Request Export was submitted on the folder named Production Servers, once approved, this user may then export the objects contained only within this folder for as long as the workflow approval remains active.

To Export Selective Objects to a CSV file:

Login to PAM with a System Administrator account. Only a System Administrator may create a CSV Export.
Navigate into the parent container, Vault or Folder, that you wish to Export.
From within this container, select the objects to export by clicking the checkbox next to each object to include.

Please note that if you select a folder, this will include all child objects in this folder including any subfolders.
After you selected all the objects to include, from this container’s Manage menu, choose the Export option.
When prompted, enter a password that will be used for encryption. Type it a second time to confirm your password.

Secure this export password in a safe location and do not share it with others unless required. If lost, you will not be able to recover this password from PAM nor the exported CSV file.
Click the Export button to begin the export process of all the objects located within this container.
When the Export is complete, the CSV file will be downloaded from your web browser. The CSV file will only contain the selected objects.