PowerBroker Password Safe - BeyondTrust

Amazon AWS - Rotate Access Key


Amazon AWS – Rotate Access Key 2 © 2017. BeyondTrust Software, Inc

Revision/Update Information: November 2017

Software Version: NA

Revision Number: 0

Corporate Headquarters

5090 N. 40th Street Phoenix, AZ 85018

Phone: 1 818-575-4000

COPYRIGHT NOTICE

Copyright © 2017 BeyondTrust Software, Inc. All rights reserved.

The information contained in this document is subject to change without notice.

No part of this document may be photocopied, reproduced or copied or translated in any manner to another language without the prior written consent of BeyondTrust Software.

BeyondTrust Software is not liable for errors contained herein or for any direct, indirect, special, incidental or consequential damages, including lost profit or lost data, whether based on warranty, contract, tort, or any other legal theory in connection with the furnishing, performance, or use of this material.

All brand names and product names used in this document are trademarks, registered trademarks, or trade names of their respective holders. BeyondTrust Software is not associated with any other vendors or products mentioned in this document.


Contents

Introduction (page 4)

Contacting Support (page 4)

Download and Configure Amazon AWS (page 5)

Configure API Users in BeyondInsight (page 6)

Create an Asset for AWS (page 8)

.NET Using CSharp Example (page 19)

ServiceNow Example (page 22)


Introduction

This guide provides information on rotating the access key with Amazon AWS and PowerBroker Password Safe. The information includes configuring AWS and Password Safe.

Contacting Support

For support, go to our Customer Portal then follow the link to the product you need assistance with.

The Customer Portal contains information regarding contacting Technical Support by telephone and chat, along with product downloads, product installers, license management, latest product releases, product documentation, webcasts and product demos.

Telephone

Privileged Account Management Support

Within Continental United States: 800.234.9072

Outside Continental United States: 818.575.4040

Vulnerability Management Support

North/South America: 866.529.2201 | 949.333.1997

+ enter access code

All other Regions

Standard Support: 949.333.1995

+ enter access code

Platinum Support: 949.333.1996

+ enter access code

Online

http://www.beyondtrust.com/Resources/Support/


Download and Configure Amazon AWS

1. Get a free instance of Amazon AWS and create a user in IAM. You can get your instance here:

https://aws.amazon.com/free/

2. Add some permissions specific to API access for the user.

3. Create an Access Key for the user.

4. Download the AWS CLI Bundled Installer. See http://docs.aws.amazon.com/cli/latest/userguide/awscli-install-bundle.html


5. Once AWS CLI is installed, execute aws configure.

For example:

[root@lserver01 aws]# aws configure

AWS Access Key ID [****************74EA]:

AWS Secret Access Key [****************iMO8]:

Default region name [us-west-2]:

Default output format [json]:

For more on the AWS CLI, see https://aws.amazon.com/cli/

Configure API Users in BeyondInsight

1. In BeyondInsight, configure API Registration. You will need the Key for the upcoming script to rotate the Access Key.

2. Create a group (API Users) and add Smart Rule roles. Check Enable Application API for your integration.


3. For All Managed Accounts Smart Rule, select Credentials Manager role (required).

4. Create a service account for API access.


Create an Asset for AWS

1. Manually create an Asset for AWS. You can select Windows server for the type.

2. Click the arrow on the right, and select Add to Password Safe.


3. Select the Platform type Windows.

4. Save and click the Local Accounts tab.

5. Create a Managed Account. This account is the account you created in AWS for AWS API access. It is a container for the Access Key.

Now you can call the Password Safe REST API and retrieve the password. You can try with the Linux script below (getManagedAccounts.sh). I created the scripts under /root/aws in my lab.

---------------------------

#!/usr/bin/env bash

# Replace PS_HOST with your BeyondInsight/Password Safe server and PS_KEY with your API registration key.
PS_HOST="172.16.0.111"
PS_KEY="0f9f0b3a6ece800f22052febfba51ceef13393255dc2a138b5129e106bc88c3555c67c0b0aa486a7bc527b9874cfa86aab1038a0b2778380fae3c053ea60d446"
AUTH="Authorization: PS-Auth key=${PS_KEY}; runas=snowAPI;"
# Note: -k disables TLS certificate verification (lab setup only); use a trusted server certificate in production.

# Sign in with the API key; the session cookie is written to the cookie jar
/usr/bin/curl -i -c /root/aws/pbpscookie.txt -X POST "https://${PS_HOST}/BeyondTrust/api/public/v3/auth/SignAppin" \
    -H "Content-Type: application/json" -H "${AUTH}" -d "" -k;

# List the managed accounts (this gives the SystemId and AccountId) and save them to ManagedAccounts.json
/usr/bin/curl -i -b /root/aws/pbpscookie.txt -X GET "https://${PS_HOST}/BeyondTrust/api/public/v3/ManagedAccounts" \
    -H "Content-Type: application/json" -H "${AUTH}" -d "" -k -o ManagedAccounts.json;

# Sign out to end the API session
/usr/bin/curl -i -b /root/aws/pbpscookie.txt -X POST "https://${PS_HOST}/BeyondTrust/api/public/v3/auth/Signout" \
    -H "Content-Type: application/json" -H "${AUTH}" -d "" -k;

---------------------------


6. Replace the key with your key value, and the IP address with the one for your BeyondInsight/Password Safe server.

The output will look similar to the following:

---------------------------

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
x-xss-protection: 1; mode=block
Date: Sat, 19 Aug 2017 18:16:02 GMT
Content-Length: 3269

[{"PlatformID":1,"SystemId":1,"SystemName":"app01","DomainName":null,"AccountId":2,"AccountName":"administrator","AccountNameFull":"administrator","MaximumReleaseDuration":10065,"MaxReleaseDurationDays":6,"MaxReleaseDurationHours":23,"MaxReleaseDurationMinutes":45,"InstanceName":"","DefaultReleaseDuration":120,"DefaultReleaseDurationDays":0,"DefaultReleaseDurationHours":2,"DefaultReleaseDurationMinutes":0,"LastChangeDate":"2017-06-23T22:39:11.387","NextChangeDate":"2017-08-03T07:00:00","IsChanging":false,"IsISAAccess":true},
{"PlatformID":1,"SystemId":15,"SystemName":"AWS (Amazon)","DomainName":null,"AccountId":18,"AccountName":"btuapi","AccountNameFull":"btuapi","MaximumReleaseDuration":10079,"MaxReleaseDurationDays":6,"MaxReleaseDurationHours":23,"MaxReleaseDurationMinutes":59,"InstanceName":"","DefaultReleaseDuration":120,"DefaultReleaseDurationDays":0,"DefaultReleaseDurationHours":2,"DefaultReleaseDurationMinutes":0,"LastChangeDate":"2017-08-19T18:14:34.77","NextChangeDate":"2017-09-01T04:00:00","IsChanging":false,"IsISAAccess":true},
...

---------------------------

Note the SystemId (15) and AccountId (18) of the AWS account in the example.

Then you can retrieve the password with this script (getPassword.sh):

---------------------------

#!/usr/bin/env bash

# Replace PS_HOST with your BeyondInsight/Password Safe server and PS_KEY with your API registration key.
PS_HOST="172.16.0.111"
PS_KEY="0f9f0b3a6ece800f22052febfba51ceef13393255dc2a138b5129e106bc88c3555c67c0b0aa486a7bc527b9874cfa86aab1038a0b2778380fae3c053ea60d446"
AUTH="Authorization: PS-Auth key=${PS_KEY}; runas=snowAPI;"

# Sign in with the API key; the session cookie is written to the cookie jar
/usr/bin/curl -i -c /root/aws/pbpscookie.txt -X POST "https://${PS_HOST}/BeyondTrust/api/public/v3/auth/SignAppin" \
    -H "Content-Type: application/json" -H "${AUTH}" -d "" -k;

# ISA request for SystemID 15 / AccountID 18 (from ManagedAccounts.json); the response body is the password as a JSON string
MyResponse=$(/usr/bin/curl -i -b /root/aws/pbpscookie.txt -X POST "https://${PS_HOST}/BeyondTrust/api/public/v3/ISARequests" \
    -H "Content-Type: application/json" -H "${AUTH}" \
    -d '{"SystemID":"15","AccountID":"18","DurationMinutes":"1","Reason":"test"}' -k);

# Join the response into one line and keep the last double-quoted string, i.e. the password
MyPassword=$(printf '%s' "$MyResponse" | tr -d '\r\n' | /usr/bin/sed -n 's:.*"\(.*\)".*:\1:p');

# Sign out to end the API session
/usr/bin/curl -i -b /root/aws/pbpscookie.txt -X POST "https://${PS_HOST}/BeyondTrust/api/public/v3/auth/Signout" \
    -H "Content-Type: application/json" -H "${AUTH}" -d "" -k;

# MyPassword.txt now holds the secret in clear text; restrict its permissions or remove it when done
/bin/echo "$MyPassword" > MyPassword.txt

---------------------------

Again, replace the key and IP address.
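The same SignAppin, ManagedAccounts, ISARequests and Signout exchange as the two curl scripts above, written as an added Python example (it is not part of the BeyondTrust guide) that decodes the ISA response as JSON instead of pattern-matching it with sed, and that verifies the server certificate instead of skipping the check as curl -k does. The server address, the runas user, SystemId 15 and AccountId 18 come from the page; the API key, the CA file and the fake server used for the offline run are placeholders or constructed values.

```python
import http.cookiejar
import json
import ssl
import urllib.request

# Values from the page: server address and the service account used as "runas".
BASE_URL = "https://172.16.0.111/BeyondTrust/api/public/v3"
RUNAS_USER = "snowAPI"


def urllib_transport(ca_file=None):
    """Real HTTPS transport: keeps the ASP.NET session cookie between calls and verifies
    the server certificate (optionally against ca_file) rather than disabling checks."""
    ctx = ssl.create_default_context(cafile=ca_file)
    opener = urllib.request.build_opener(
        urllib.request.HTTPCookieProcessor(http.cookiejar.CookieJar()),
        urllib.request.HTTPSHandler(context=ctx))

    def send(req):
        with opener.open(req, timeout=30) as resp:
            return resp.read()
    return send


class PasswordSafeClient:
    """SignAppin -> ManagedAccounts -> ISARequests -> Signout, as in the curl scripts."""

    def __init__(self, base_url, api_key, runas, transport):
        self.base_url = base_url.rstrip("/")
        self.auth_header = f"PS-Auth key={api_key}; runas={runas};"
        self._send = transport  # callable(urllib.request.Request) -> response body bytes

    def _call(self, method, path, body=None):
        if method == "GET":
            data = None
        else:  # curl -d "" sends an empty POST body; otherwise send the JSON document
            data = b"" if body is None else json.dumps(body).encode()
        req = urllib.request.Request(
            self.base_url + path, data=data, method=method,
            headers={"Authorization": self.auth_header, "Content-Type": "application/json"})
        raw = self._send(req)
        return json.loads(raw) if raw else None

    def sign_app_in(self):
        return self._call("POST", "/auth/SignAppin")

    def find_account(self, system_name, account_name):
        """Return (SystemId, AccountId) for a managed account, e.g. ("AWS (Amazon)", "btuapi")."""
        for acct in self._call("GET", "/ManagedAccounts"):
            if acct["SystemName"] == system_name and acct["AccountName"] == account_name:
                return acct["SystemId"], acct["AccountId"]
        raise LookupError(f"{account_name} on {system_name} is not a managed account")

    def isa_password(self, system_id, account_id, minutes=1, reason="key rotation"):
        """ISA request; the body is a JSON string, so json.loads (not sed) decodes it safely."""
        body = {"SystemID": str(system_id), "AccountID": str(account_id),
                "DurationMinutes": str(minutes), "Reason": reason}
        return self._call("POST", "/ISARequests", body)

    def sign_out(self):
        self._call("POST", "/auth/Signout")


def split_aws_credential(password):
    """Password Safe stores the AWS pair as '<AccessKeyId>;<SecretAccessKey>'."""
    key_id, sep, secret = password.partition(";")
    if not sep or not key_id.startswith("AKIA") or not secret:
        raise ValueError("stored password is not an AccessKeyId;SecretAccessKey pair")
    return key_id, secret


def retrieve_aws_key(client):
    """Full exchange; always signs out, even if the lookup or ISA request fails."""
    client.sign_app_in()
    try:
        system_id, account_id = client.find_account("AWS (Amazon)", "btuapi")
        return split_aws_credential(client.isa_password(system_id, account_id))
    finally:
        client.sign_out()


# Constructed fake server for an offline run; the JSON shapes follow the page's output.
# The credential is the AWS documentation example pair, not a real key.
FAKE_CREDENTIAL = "AKIAIOSFODNN7EXAMPLE;wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"


def fake_transport(req):
    assert req.get_header("Authorization").startswith("PS-Auth key=")
    route = (req.get_method(), req.full_url.replace(BASE_URL, ""))
    if route == ("POST", "/auth/SignAppin"):
        return b'{"UserId":10,"UserName":"snowAPI","Name":"API ServiceNow"}'
    if route == ("GET", "/ManagedAccounts"):
        return json.dumps([
            {"SystemId": 1, "SystemName": "app01", "AccountId": 2, "AccountName": "administrator"},
            {"SystemId": 15, "SystemName": "AWS (Amazon)", "AccountId": 18, "AccountName": "btuapi"},
        ]).encode()
    if route == ("POST", "/ISARequests"):
        sent = json.loads(req.data)
        assert (sent["SystemID"], sent["AccountID"]) == ("15", "18")
        return json.dumps(FAKE_CREDENTIAL).encode()
    if route == ("POST", "/auth/Signout"):
        return b""
    raise AssertionError(f"unexpected request {route}")


if __name__ == "__main__":
    # Against a real server: PasswordSafeClient(BASE_URL, api_key, RUNAS_USER, urllib_transport("ca.pem"))
    demo = PasswordSafeClient(BASE_URL, "PLACEHOLDER_API_KEY", RUNAS_USER, fake_transport)
    print(retrieve_aws_key(demo))
```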

Open MyPassword.txt; you should see the current password for the btuapi account. Then you can use the main script (rotateKey.sh). This script does two things:

1. Rotates the Access Key in AWS;

2. Updates the Managed Account password in Password Safe.

---------------------------

#!/usr/bin/env bash

# Replace PS_HOST with your BeyondInsight/Password Safe server, PS_KEY with your API registration key,
# and the AccountId (18) in the Credentials URL below with the one of your AWS managed account.
PS_HOST="172.16.0.111"
PS_KEY="0f9f0b3a6ece800f22052febfba51ceef13393255dc2a138b5129e106bc88c3555c67c0b0aa486a7bc527b9874cfa86aab1038a0b2778380fae3c053ea60d446"
AUTH="Authorization: PS-Auth key=${PS_KEY}; runas=snowAPI;"

echo "Verifying that AWS CLI is installed ..."
command -v aws >/dev/null 2>&1 || { echo >&2 "AWS CLI tools are required, but couldn't be found. Please install from https://aws.amazon.com/cli/. Aborting."; exit 1; }

echo "Verifying that AWS CLI has configured credentials ..."
ORIGINAL_ACCESS_KEY_ID=$(aws configure get aws_access_key_id)
ORIGINAL_SECRET_ACCESS_KEY=$(aws configure get aws_secret_access_key)
if [ -z "$ORIGINAL_ACCESS_KEY_ID" ]; then
    >&2 echo "ERROR: No aws_access_key_id/aws_secret_access_key configured for AWS CLI. Run 'aws configure' with your current keys."
    exit 1
fi

# IAM allows at most two access keys per user, so find out how many already exist
EXISTING_KEYS_CREATEDATES=($(aws iam list-access-keys --query 'AccessKeyMetadata[].CreateDate' --output text))
NUM_EXISTING_KEYS=${#EXISTING_KEYS_CREATEDATES[@]}

if [ ${NUM_EXISTING_KEYS} -lt 2 ]; then
    echo "You have only one existing key. Now proceeding with new key creation."
else
    echo "You have two keys (maximum number). We must make space ..."
    IFS=$'\n' sorted_createdates=($(sort <<<"${EXISTING_KEYS_CREATEDATES[*]}"))
    unset IFS

    echo "Now acquiring data for the older key ..."
    OLDER_KEY_CREATEDATE="${sorted_createdates[0]}"
    OLDER_KEY_ID=$(aws iam list-access-keys --query "AccessKeyMetadata[?CreateDate=='${OLDER_KEY_CREATEDATE}'].AccessKeyId" --output text)
    OLDER_KEY_STATUS=$(aws iam list-access-keys --query "AccessKeyMetadata[?CreateDate=='${OLDER_KEY_CREATEDATE}'].Status" --output text)

    echo "Now acquiring data for the newer key ..."
    NEWER_KEY_CREATEDATE="${sorted_createdates[1]}"
    NEWER_KEY_ID=$(aws iam list-access-keys --query "AccessKeyMetadata[?CreateDate=='${NEWER_KEY_CREATEDATE}'].AccessKeyId" --output text)
    NEWER_KEY_STATUS=$(aws iam list-access-keys --query "AccessKeyMetadata[?CreateDate=='${NEWER_KEY_CREATEDATE}'].Status" --output text)

    key_in_use=""
    allow_older_key_delete=false
    allow_newer_key_delete=false

    # Decide which of the two keys can be deleted: never the one the CLI is currently using
    if [ "${OLDER_KEY_STATUS}" = "Active" ] && [ "${NEWER_KEY_STATUS}" = "Active" ] && [ "${NEWER_KEY_ID}" = "${ORIGINAL_ACCESS_KEY_ID}" ]; then
        # both keys are active, newer key is in use
        key_in_use="newer"
        allow_older_key_delete=true
        key_id_can_delete=$OLDER_KEY_ID
        key_id_remaining=$NEWER_KEY_ID
    elif [ "${OLDER_KEY_STATUS}" = "Active" ] && [ "${NEWER_KEY_STATUS}" = "Active" ] && [ "${OLDER_KEY_ID}" = "${ORIGINAL_ACCESS_KEY_ID}" ]; then
        # both keys are active, older key is in use
        key_in_use="older"
        allow_newer_key_delete=true
        key_id_can_delete=$NEWER_KEY_ID
        key_id_remaining=$OLDER_KEY_ID
    elif [ "${OLDER_KEY_STATUS}" = "Inactive" ] && [ "${NEWER_KEY_STATUS}" = "Active" ]; then
        # newer key is active and in use
        key_in_use="newer"
        allow_older_key_delete=true
        key_id_can_delete=$OLDER_KEY_ID
        key_id_remaining=$NEWER_KEY_ID
    elif [ "${OLDER_KEY_STATUS}" = "Active" ] && [ "${NEWER_KEY_STATUS}" = "Inactive" ]; then
        # older key is active and in use
        key_in_use="older"
        allow_newer_key_delete=true
        key_id_can_delete=$NEWER_KEY_ID
        key_id_remaining=$OLDER_KEY_ID
    else
        echo "You don't have keys I can delete to make space for the new key. Please delete a key manually and then try again."
        echo "Aborting."
        exit 1
    fi
fi

if [ "${allow_older_key_delete}" = "true" ] || [ "${allow_newer_key_delete}" = "true" ]; then
    echo "To proceed you must delete one of your two existing keys; they are listed below:"
    echo
    echo "OLDER EXISTING KEY (${OLDER_KEY_STATUS}, created on ${OLDER_KEY_CREATEDATE}):"
    echo -n "Key Access ID: ${OLDER_KEY_ID} "
    if [ "${allow_older_key_delete}" = "true" ]; then
        echo "(this key can be deleted)"
    elif [ "${key_in_use}" = "older" ]; then
        echo "(this key is currently your active key)"
    fi
    echo
    echo "NEWER EXISTING KEY (${NEWER_KEY_STATUS}, created on ${NEWER_KEY_CREATEDATE}):"
    echo -n "Key Access ID: ${NEWER_KEY_ID} "
    if [ "${allow_newer_key_delete}" = "true" ]; then
        echo "(this key can be deleted)"
    elif [ "${key_in_use}" = "newer" ]; then
        echo "(this key is currently your active key)"
    fi
    echo
    echo
    echo "Enter below the Access Key ID of the key to delete, or leave empty to cancel, then press enter."
    read key_in
    if [ "${key_in}" = "${key_id_can_delete}" ]; then
        echo "Now deleting the key ${key_id_can_delete}"
        if ! aws iam delete-access-key --access-key-id "${key_id_can_delete}"; then
            echo "Could not delete the access keyID ${key_id_can_delete}. Cannot proceed."
            echo "Aborting."
            exit 1
        fi
    elif [ "${key_in}" = "" ]; then
        echo Aborting.
        exit 1
    else
        echo "The input did not match the Access Key ID of the key that can be deleted. Run the script again to retry."
        echo "Aborting."
        exit 1
    fi
fi

echo
echo "Creating a new access key for the current IAM user ..."
NEW_KEY_RAW_OUTPUT=$(aws iam create-access-key --output text)
# Text output columns: ACCESSKEY AccessKeyId CreateDate SecretAccessKey Status UserName
NEW_KEY_DATA=($(printf '%s' "${NEW_KEY_RAW_OUTPUT}" | awk '{printf "%s\t%s", $2, $4}'))
NEW_AWS_ACCESS_KEY_ID="${NEW_KEY_DATA[0]}"
NEW_AWS_SECRET_ACCESS_KEY="${NEW_KEY_DATA[1]}"

echo "Verifying that the new key was created ..."
EXISTING_KEYS_ACCESS_IDS=($(aws iam list-access-keys --query 'AccessKeyMetadata[].AccessKeyId' --output text))
NUM_EXISTING_KEYS=${#EXISTING_KEYS_ACCESS_IDS[@]}
if [ ${NUM_EXISTING_KEYS} -lt 2 ]; then
    >&2 echo "Something went wrong; the new key was not created."
    echo "Aborting"
    exit 1
fi

echo "Pausing to wait for the IAM changes to propagate ..."
COUNT=0
MAX_COUNT=20
SUCCESS=false
while [ "$SUCCESS" = false ] && [ "$COUNT" -lt "$MAX_COUNT" ]; do
    sleep 10
    aws iam list-access-keys > /dev/null && RETURN_CODE=$? || RETURN_CODE=$?
    if [ "$RETURN_CODE" -eq 0 ]; then
        SUCCESS=true
    else
        COUNT=$((COUNT+1))
        echo "(Still waiting for the key propagation to complete ...)"
    fi
done

if [ "$SUCCESS" = "true" ]; then
    echo "Key propagation complete."
    echo "Configuring new access key for AWS CLI ..."
    aws configure set aws_access_key_id "$NEW_AWS_ACCESS_KEY_ID"
    aws configure set aws_secret_access_key "$NEW_AWS_SECRET_ACCESS_KEY"

    echo "Verifying the new key is in place, and that IAM access still works ..."
    revert=false
    CONFIGURED_ACCESS_KEY=$(aws configure get aws_access_key_id)
    if [ "$CONFIGURED_ACCESS_KEY" != "$NEW_AWS_ACCESS_KEY_ID" ]; then
        >&2 echo "Something went wrong; the new key could not be taken into use."
        revert=true
    fi
    # this is just to test access via AWS CLI; the content here doesn't matter (other than that we get a result)
    EXISTING_KEYS_ACCESS_IDS=($(aws iam list-access-keys --query 'AccessKeyMetadata[].AccessKeyId' --output text))
    NUM_EXISTING_KEYS=${#EXISTING_KEYS_ACCESS_IDS[@]}
    if [ ${NUM_EXISTING_KEYS} -ne 2 ]; then
        >&2 echo "Something went wrong; the new key could not access AWS CLI."
        revert=true
    fi
    if [ "${revert}" = "true" ]; then
        echo "Reverting configuration to use the old keys."
        aws configure set aws_access_key_id "$ORIGINAL_ACCESS_KEY_ID"
        aws configure set aws_secret_access_key "$ORIGINAL_SECRET_ACCESS_KEY"
        echo "Original configuration restored."
        echo "Aborting."
        exit 1
    fi

    echo "Deleting the previously active access key ..."
    aws iam delete-access-key --access-key-id "$ORIGINAL_ACCESS_KEY_ID"
    echo "Verifying old access key got deleted ..."
    # this is just to test access via AWS CLI; the content here doesn't matter (other than that we get a result)
    EXISTING_KEYS_ACCESS_IDS=($(aws iam list-access-keys --query 'AccessKeyMetadata[].AccessKeyId' --output text))
    NUM_EXISTING_KEYS=${#EXISTING_KEYS_ACCESS_IDS[@]}
    if [ ${NUM_EXISTING_KEYS} -ne 1 ]; then
        >&2 echo "Something went wrong deleting the old key, however your new key is now in use."
    fi
    echo
    echo "switched from the old access key ${ORIGINAL_ACCESS_KEY_ID} to ${NEW_AWS_ACCESS_KEY_ID}"

    # These files hold the new secret in clear text; restrict their permissions or remove them after the update
    echo "${NEW_AWS_ACCESS_KEY_ID}" > /root/aws/newKeyID.txt
    echo "${NEW_AWS_SECRET_ACCESS_KEY}" > /root/aws/newKeySecret.txt
    # Password Safe stores the pair as one password: "<AccessKeyId>;<SecretAccessKey>"
    printf '{"Password":"%s;%s","UpdateSystem":"false"}\n' "${NEW_AWS_ACCESS_KEY_ID}" "${NEW_AWS_SECRET_ACCESS_KEY}" > /root/aws/newKeyID.json

    echo "Calling Password Safe to update Credentials"
    # -k disables TLS certificate verification (lab setup only); use a trusted server certificate in production
    /usr/bin/curl -i -c /root/aws/pbpscookie.txt -X POST "https://${PS_HOST}/BeyondTrust/api/public/v3/auth/SignAppin" \
        -H "Content-Type: application/json" -H "${AUTH}" -d "" -k;
    /usr/bin/curl -i -b /root/aws/pbpscookie.txt -X PUT "https://${PS_HOST}/BeyondTrust/api/public/v3/ManagedAccounts/18/Credentials" \
        -H "Content-Type: application/json" -H "${AUTH}" -d @/root/aws/newKeyID.json -k -o UpdateManagedAccounts.json;
    /usr/bin/curl -i -b /root/aws/pbpscookie.txt -X POST "https://${PS_HOST}/BeyondTrust/api/public/v3/auth/Signout" \
        -H "Content-Type: application/json" -H "${AUTH}" -d "" -k;
    echo "Done Calling Password Safe to update Credentials"
    echo "Process complete."
    exit 0
else
    cat <<EOF
Key propagation did not complete within the allotted time. This delay is caused by AWS, and does not necessarily indicate an error. However, the newly generated key cannot be safely taken into use before the propagation has completed. Please wait for some time, and try to temporarily replace the Access Key ID and the Secret Access Key in your ~/.aws/config file with the new key details (below). Keep the old keys safe until you have confirmed that the new key works.
EOF
    echo
    echo "PLEASE MAKE NOTE OF THE NEW KEY DETAILS BELOW; IT HAS NOT BEEN SAVED ELSEWHERE YET!"
    echo
    echo "New AWS Access Key ID: ${NEW_AWS_ACCESS_KEY_ID}"
    echo "New AWS Secret Access Key: ${NEW_AWS_SECRET_ACCESS_KEY}"
    echo "${NEW_AWS_SECRET_ACCESS_KEY}" > /root/aws/newKey.txt
    echo
    exit 1
fi

------------------------------------

You will need to replace the key, the IP address, and the AccountId (18). The script output looks like this:

------------------------------------

[root@lserver01 aws]# cat MyPassword.txt
AKIAIDNXY3GJQBQQW5JA;xqiS5mAW91IXU7FkE4A0tHHci5SRcAP3u9cX+fxV
[root@lserver01 aws]# clear
[root@lserver01 aws]# ./rotateKey_PBPS.sh
Verifying that AWS CLI is installed ...
Verifying that AWS CLI has configured credentials ...
You have only one existing key. Now proceeding with new key creation.

Creating a new access key for the current IAM user ...
Verifying that the new key was created ...
Pausing to wait for the IAM changes to propagate ...
Key propagation complete.
Configuring new access key for AWS CLI ...
Verifying the new key is in place, and that IAM access still works ...
Deleting the previously active access key ...
Verifying old access key got deleted ...

switched from the old access key AKIAIDNXY3GJQBQQW5JA to AKIAIHSIV4MQTE66T3OQ
Calling Password Safe to update Credentials
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=lpoy14aqar03a3oehoiruo2s; path=/; HttpOnly
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
x-xss-protection: 1; mode=block
Date: Sat, 19 Aug 2017 18:40:34 GMT
Content-Length: 101

{"UserId":10,"SID":null,"EmailAddress":"[email protected]","UserName":"snowAPI","Name":"API ServiceNow"}
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    99    0     0  100    99      0    141 --:--:-- --:--:-- --:--:--   141
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 0
Expires: -1
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
x-xss-protection: 1; mode=block
Date: Sat, 19 Aug 2017 18:40:34 GMT

Done Calling Password Safe to update Credentials
Process complete.
[root@lserver01 aws]#

-------------------------------------------------

After the script executes, you will find the json document used to update Password Safe:

-------------------------------------------------

[root@lserver01 aws]# cat newKeyID.json
{"Password":"AKIAIHSIV4MQTE66T3OQ;yBkD/7h9mrM2OPw91e/Qzorxd98GTLWvEb3ezifc","UpdateSystem":"false"}
[root@lserver01 aws]#

-------------------------------------------------

Now if you execute getPassword.sh again and cat MyPassword.txt, you will find the new Access Key ID and Secret concatenated with the ; separator.

-------------------------------------------------

[root@lserver01 aws]# ./getPassword.sh
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=j4rq4c0gx5t2rgpkjrbk0bu1; path=/; HttpOnly
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
x-xss-protection: 1; mode=block
Date: Sat, 19 Aug 2017 18:46:17 GMT
Content-Length: 101

{"UserId":10,"SID":null,"EmailAddress":"[email protected]","UserName":"snowAPI","Name":"API ServiceNow"}
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   135  100    63  100    72     96    110 --:--:-- --:--:-- --:--:--   110
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 0
Expires: -1
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
x-xss-protection: 1; mode=block
Date: Sat, 19 Aug 2017 18:46:17 GMT

[root@lserver01 aws]# cat MyPassword.txt
AKIAIHSIV4MQTE66T3OQ;yBkD/7h9mrM2OPw91e/Qzorxd98GTLWvEb3ezifc
[root@lserver01 aws]#

-------------------------------------------------

The Access Key ID should match the new key for the user in AWS IAM (refresh the browser).

So we obtained the key programmatically using scripts based on curl. You can use other kinds of scripts too, including Python, VB, etc. You will need basic substring before/after logic around the ; separator to split the stored value into the Access Key ID and the Secret Access Key, and then follow the AWS instructions to generate the authentication header with the signature.
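For the substring and signing step just described, here is an added Python example (not from the BeyondTrust guide) that splits the AccessKeyId;SecretAccessKey value on the ; separator, derives the AWS Signature Version 4 signing key, and builds the Authorization header for an IAM ListAccessKeys Query-API call, the same operation the rotation script performs through the CLI. The key pairs used are the AWS documentation example pairs and the timestamp is fixed so the output is reproducible; nothing is sent to AWS unless you add the request call noted at the end.

```python
import datetime
import hashlib
import hmac
import urllib.parse

EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()
# Fixed timestamp used by the demo so its output is reproducible (constructed value).
EXAMPLE_TIME = datetime.datetime(2015, 8, 30, 12, 36, tzinfo=datetime.timezone.utc)


def _hmac_sha256(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def signing_key(secret, date_stamp, region, service):
    """Derive kSigning as SigV4 chains it: 'AWS4'+secret -> date -> region -> service -> 'aws4_request'."""
    k = _hmac_sha256(("AWS4" + secret).encode(), date_stamp)
    for part in (region, service, "aws4_request"):
        k = _hmac_sha256(k, part)
    return k


def canonical_request(method, url, headers, body):
    """Return (canonical request string, SignedHeaders value). Header names are lower-cased
    and sorted, values have runs of whitespace collapsed, and the Host header is always signed."""
    parts = urllib.parse.urlsplit(url)
    uri = urllib.parse.quote(parts.path or "/", safe="/~")
    query = "&".join(
        f"{urllib.parse.quote(k, safe='-_.~')}={urllib.parse.quote(v, safe='-_.~')}"
        for k, v in sorted(urllib.parse.parse_qsl(parts.query, keep_blank_values=True)))
    lowered = {k.lower(): " ".join(v.split()) for k, v in headers.items()}
    lowered.setdefault("host", parts.netloc)
    signed = ";".join(sorted(lowered))
    canon_headers = "".join(f"{k}:{lowered[k]}\n" for k in sorted(lowered))
    payload_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method, uri, query, canon_headers, signed, payload_hash]), signed


def sigv4_headers(key_id, secret, method, url, region, service,
                  body=b"", extra_headers=None, now=None):
    """Build the host, x-amz-date and authorization headers for one request."""
    now = now or datetime.datetime.now(datetime.timezone.utc)
    amz_date, date_stamp = now.strftime("%Y%m%dT%H%M%SZ"), now.strftime("%Y%m%d")
    headers = {k.lower(): v for k, v in (extra_headers or {}).items()}
    headers["x-amz-date"] = amz_date
    canon, signed = canonical_request(method, url, headers, body)
    scope = f"{date_stamp}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                                hashlib.sha256(canon.encode()).hexdigest()])
    signature = hmac.new(signing_key(secret, date_stamp, region, service),
                         string_to_sign.encode(), hashlib.sha256).hexdigest()
    headers["host"] = urllib.parse.urlsplit(url).netloc
    headers["authorization"] = (f"AWS4-HMAC-SHA256 Credential={key_id}/{scope}, "
                                f"SignedHeaders={signed}, Signature={signature}")
    return headers


def list_access_keys_request(password_safe_value, now=None):
    """Turn the '<AccessKeyId>;<SecretAccessKey>' value retrieved from Password Safe into a
    signed IAM Query-API request equivalent to 'aws iam list-access-keys'.
    Returns (url, headers, body)."""
    key_id, sep, secret = password_safe_value.strip().partition(";")
    if not sep or not key_id or not secret:
        raise ValueError("expected AccessKeyId;SecretAccessKey")
    url = "https://iam.amazonaws.com/"
    body = b"Action=ListAccessKeys&Version=2010-05-08"
    ctype = {"content-type": "application/x-www-form-urlencoded; charset=utf-8"}
    # IAM is a global service signed against us-east-1
    return url, sigv4_headers(key_id, secret, "POST", url, "us-east-1", "iam", body, ctype, now), body


if __name__ == "__main__":
    # Constructed: the AWS documentation example key pair in Password Safe's stored format.
    demo_value = "AKIAIOSFODNN7EXAMPLE;wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
    url, headers, body = list_access_keys_request(demo_value, now=EXAMPLE_TIME)
    print(headers["authorization"])
    # To send it with a real key pair (uses the current time when now=None):
    # urllib.request.urlopen(urllib.request.Request(url, data=body, headers=headers, method="POST"))
```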

.NET Using CSharp Example

It is also interesting to look at A2A, or Application to Application, examples. The first one is based on .NET using CSharp.

-------------------------------------------------

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Net;
using System.Net.Http;
using System.Security.Cryptography.X509Certificates;
using System.IO;

namespace ConsoleApp1
{
    class Program
    {
        static void Main(string[] args)
        {
            HttpClient client = new HttpClient();
            // Replace the key with your API registration key and the runas user with your API service account
            client.DefaultRequestHeaders.Add("Authorization", "PS-Auth key=0f9f0b3a6ece800f22052febfba51ceef13393255dc2a138b5129e106bc88c3555c67c0b0aa486a7bc527b9874cfa86aab1038a0b2778380fae3c053ea60d446; runas=snowAPI;");

            // SignAppin takes an empty JSON body (requires the Newtonsoft.Json NuGet package)
            string json = Newtonsoft.Json.JsonConvert.SerializeObject(null);
            System.Net.Http.StringContent content = new StringContent(json);
            content.Headers.ContentType = new System.Net.Http.Headers.MediaTypeHeaderValue("application/json");

            // Accepts any server certificate, the equivalent of curl -k (lab setup only)
            ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;

            // Sign in; HttpClient keeps the session cookie for the following calls
            HttpResponseMessage signInResponse = client.PostAsync("https://172.16.0.111/BeyondTrust/api/public/v3/auth/SignAppin", content).Result;
            HttpResponseMessage ManagedAccountsResponse = client.GetAsync("https://172.16.0.111/BeyondTrust/api/public/v3/ManagedAccounts").Result;

            // ISA request for SystemID 15 / AccountID 18; replace with your own IDs
            var MyPayload = "{ \"SystemID\":\"15\",\"AccountID\":\"18\",\"DurationMinutes\":\"1\",\"Reason\":\"Test C Sharp\"}";
            StringContent MyContent = new StringContent(MyPayload);
            MyContent.Headers.ContentType = new System.Net.Http.Headers.MediaTypeHeaderValue("application/json");
            HttpResponseMessage getResponse = client.PostAsync("https://172.16.0.111/BeyondTrust/api/public/v3/ISARequests", MyContent).Result;

            Console.WriteLine("signInResponse = " + signInResponse);
            Console.WriteLine("ManagedAccounts = " + ManagedAccountsResponse);
            Console.WriteLine("ManagedAccounts String = " + ManagedAccountsResponse.Content.ReadAsStringAsync().Result);
            Console.WriteLine("getResponse = " + getResponse);

            String myPassword = getResponse.Content.ReadAsStringAsync().Result;
            Console.WriteLine("And the password is = ");
            Console.WriteLine(myPassword);
            Console.ReadKey();
        }
    }
}

-------------------------------------------------

Again, you need to replace the key, the IP address, and the AccountId.

Visual Studio .NET example: CSharp Console App. This app is fully documented separately.


ServiceNow Example

This example uses ServiceNow.

ServiceNow application, fully documented separately.


ServiceNow application in action, based on Catalog Item.