Distribute 2 Secrets
Description
Variant: This variation also includes a second, hardcoded secret. The hardcoded secret is not secure on the console or in the database, but it would be secure "in flight", "on the endpoint" and "in all client logs". If you require a "console secure" secret, use only the first method, where the taker of the action has to type in the secret when taking the action.
Property Details
3679
Beta - Preliminary testing ready for more
Distribute 2 Secrets
BESC
Internal
7/31/2012 12:00:00 AM
brolly33 on 12/21/2013 7:00:42 AM
brolly33 on 12/21/2013 7:00:42 AM
9952 Views / 295 Downloads
Relevance
Actions
Action 1 (default)
Action Link: Click here to deploy this action.
Script Type
BigFix Action Script
dos echo {parameter "secret" of action} > c:\secret
dos echo {parameter "secret2" of action} >> c:\secret
// Uncomment this line to "clean up" the secret in normal usage.
// delete c:\secret
// You may prefer to use the secret directly in commands instead of inserting it into a script file.
// If you choose this method, the plaintext secret will only exist briefly in memory on the endpoint during execution.
// dos net user administrator {parameter "secret" of action}
Success Criteria
This action will be considered successful when the applicability relevance evaluates to false.
Comments
Also of note - you can pass secure parameters in a REST action using the SecureParameter tag in your XML. Documented in the BES_XSD for the Action and SourcedFixletAction nodes.

vipulmeche, you might have figured out by now, the secret distribution requires use of the client secure mailbox, and therefore cannot be targeted dynamically. If you are sending to more than 10,000 machines you will have to break your list up.

Hi jgstew, This task does not allow me to choose "Dynamically target by Property". It is greyed out. The problem is that I am trying to use this task to deploy on a large scale and the console is not allowing me to deploy on more than 10000 machines properly. Any modifications that can make this happen?

I think you could remove the secret that is being prompted for in the JS and use only "stored" secrets that would be visible to anyone who can see them in the console. This might allow it to be used using the RestAPI.

Any suggestions how to make this work via the REST API? Obviously in this form, the JavaScript to force a TakeSecureFixletAction only works in the GUI.

Also related discussion here: https://www.ibm.com/developerworks/community/forums/html/topic?id=77777777-0000-0000-0000-000014748508

Related discussion here: https://www.ibm.com/developerworks/community/forums/html/topic?id=56dbb886-ad6f-4777-8f29-678daee29ac6

Variation on the Distribute Secret to demonstrate using 2 secrets in the same Fixlet. Also shows a method of hardcoding the secret into the Fixlet Description (where it would be visible to any console operator) instead of prompting the action taker for it.
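
The comments above mention the SecureParameter tag for REST actions and the need to split static target lists above 10,000 machines. The following is an added example, not part of this Fixlet or of BigFix itself, that builds one SourcedFixletAction document per batch with both secrets as SecureParameter elements. The element layout (SourceFixlet/Sitename/FixletID/Action, Target/ComputerID, the Name attribute, the "Action1" action name) is an assumption to check against your server's BES.xsd; the site name, Fixlet ID and computer IDs are placeholders.

```python
import xml.etree.ElementTree as ET

MAX_TARGETS = 10_000  # batch size taken from the comments on this page


def build_secure_actions(site, fixlet_id, computer_ids, secrets, action="Action1"):
    """Return one BES XML document (bytes) per batch of <= MAX_TARGETS computers.

    Secure parameters are delivered through each client's mailbox, so every
    target is listed explicitly by ComputerID; dynamic targeting is not used.
    """
    ids = sorted({int(c) for c in computer_ids})  # de-duplicate, reject non-numeric IDs
    if not ids:
        raise ValueError("secure parameters need an explicit list of computers")
    docs = []
    for start in range(0, len(ids), MAX_TARGETS):
        bes = ET.Element("BES")
        sfa = ET.SubElement(bes, "SourcedFixletAction")
        src = ET.SubElement(sfa, "SourceFixlet")
        ET.SubElement(src, "Sitename").text = site          # placeholder value
        ET.SubElement(src, "FixletID").text = str(fixlet_id)  # placeholder value
        ET.SubElement(src, "Action").text = action          # assumed action name
        target = ET.SubElement(sfa, "Target")
        for cid in ids[start:start + MAX_TARGETS]:
            ET.SubElement(target, "ComputerID").text = str(cid)
        for name, value in secrets.items():
            # ElementTree escapes &, < and > in the secret when serialising,
            # so a password with XML metacharacters cannot break the document.
            ET.SubElement(sfa, "SecureParameter", Name=name).text = value
        docs.append(ET.tostring(bes, encoding="utf-8", xml_declaration=True))
    return docs


if __name__ == "__main__":
    # Constructed sample input: 25,000 made-up computer IDs and two dummy secrets.
    sample = build_secure_actions("EXAMPLE-SITE", 1, range(1, 25_001),
                                  {"secret": "p&ss<1>", "secret2": "second"})
    print(len(sample), "action documents built")
```

Each returned document still contains the secrets in plaintext until the server encrypts them per client, so build and submit them in memory over TLS rather than writing them to disk.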