BeyondTrust Password Safe Secrets
This guide provides information and steps for integrating a Linux Control Center Script with BeyondTrust Password Safe Secrets.
Secrets Safe allows you to securely store secrets owned by developers and small groups in a controlled environment.
Through this integration, you can retrieve a secret from BeyondTrust Password Safe and use it as a variable within a Linux Control Center Script.
The user group must have the "Secrets Safe" feature.
Create a Secret in Secrets Safe.
Add Credential.
To enable the Secrets Safe feature, you must edit a user group containing the user that will be used to authenticate to the BeyondTrust API.
Go to the target user group that the user belongs to, click the vertical ellipsis and go to View Group Details.
On the group page, go to the Features tab and select Disabled Features in the "Show" field.
Select the Secrets Safe feature, click the vertical ellipsis and select Assign Permissions Full Control.
After these steps, the users in this group are able to interact with Secrets Safe through the BeyondInsight Password Safe API.
From the left menu, click Secrets Safe.
From the Folders pane, select a folder, and then click Add Secret above the grid.
Select your secret type: Add Credential, Add File, or Add Text, and then fill out the form for each type as detailed in the steps below.
Enter a Title, Description, and Username.
Set the password:
Select Manual Input to manually enter a password, or select Auto Generate and select a Password Policy from the list to have a password created based on the defined policy.
Click Create Secret.
Ensure the BeyondTrust Password Safe integration is enabled in your Linux Control Center.
Create a Quick BeyondTrust Credential.
Create a Quick Windows Inventory.
Create a Linux Control Center Script and assign Custom or Default BeyondTrust Credentials and Variables.
Create a Workflow to execute a Custom Script for Windows/Linux.
A Quick BeyondTrust Credential is a custom credential used to authenticate to the BeyondTrust Password Safe API.
To create a Quick BeyondTrust Credential, from the left menu go to Unmanaged Hosts > Quick Credentials BeyondTrust and click ADD.
Enter the fields required for authentication, such as Name, API URL Base, API Auth Key, API Auth Username & Password, and the Managed Account used to retrieve the Secrets. Click Save.
Note that the user used to authenticate belongs to the aforementioned group and therefore has access to the secrets of that group that the user has permission to interact with.
The Inventory function in Linux Control Center groups information about a host, such as IPv4 Address, Host Type (Windows or Linux) and Port, for use in a later authentication.
Windows authentication in Linux Control Center is based on Windows Remote Management (WinRM), which allows systems to access or exchange management information over a network. The default port is 5985 over an HTTPS transport.
To create a Quick Windows Inventory, go to Unmanaged Hosts > Quick Inventory and click ADD.
Enter a Name, Address, and Port, and select the host type from the drop-down list below (Windows or Linux).
In this Script example, the following PowerShell template will be used:
To create a Script, go to Unmanaged Hosts > Script and click ADD.
Enter a Name and select the Host Type; for PowerShell, this is the Windows type. Upload the script template in the Upload File field, and click Save.
The script needs a variable assigned before execution starts.
In the BeyondTrust Secrets Safe context, the variable is the secret retrieved from the Password Safe Secrets Safe manager. Therefore, to reveal the secrets linked to a Quick BeyondTrust Credential, click on the newly created Script object and go to the Credential tab.
Select which login credential will be used. If you choose BeyondTrust Default, the default configuration in Config > Integrations > BeyondTrust will be used.
If you choose to use a Quick Credential, select BeyondTrust Custom and choose the credential. The same options are valid for the Variables field.
Click Save to start a new job with the "List Secrets" action.
After the action completes successfully, go back to Custom Script Configuration and open the Variables tab. Select the BeyondTrust Secret Type field and choose the Secrets Value and Secrets Type recovered by the List Secrets action.
Click on Save.
To execute a script on the target host in Quick Inventory, you must create a Workflow that tells the Linux Control Center what to execute.
From the left menu, go to Workflow and click ADD.
On the Add Workflow page, click on Start and select Execute Custom Script Quick Windows.
Select the Scripts and Quick Inventory Windows fields unlocked by the Execute Custom Script Quick Windows option and click Save.
Click the Actions button of the newly created Workflow object and click Run to perform a Script Execution.
The script output is stored in the home directory of the user used to perform the script execution on the target host in Quick Inventory Windows.