From 36ed4333597cdaf649479cde7e665207b3a45330 Mon Sep 17 00:00:00 2001 From: tylerezimmerman <100804646+tylerezimmerman@users.noreply.github.com> Date: Fri, 9 Feb 2024 15:31:05 -0600 Subject: [PATCH 1/4] Deleting AWS IAM Comment out code. --- .../AWS/AWS-IAM Users/Discovery/AWS IAM User Discovery.ps1 | 3 --- 1 file changed, 3 deletions(-) diff --git a/Scripts/SecretServer/AWS/AWS-IAM Users/Discovery/AWS IAM User Discovery.ps1 b/Scripts/SecretServer/AWS/AWS-IAM Users/Discovery/AWS IAM User Discovery.ps1 index 53cd4e4..a528a4d 100644 --- a/Scripts/SecretServer/AWS/AWS-IAM Users/Discovery/AWS IAM User Discovery.ps1 +++ b/Scripts/SecretServer/AWS/AWS-IAM Users/Discovery/AWS IAM User Discovery.ps1 @@ -52,8 +52,6 @@ function Write-Log { # Write Log data $MessageString = "{0}`t| {1}`t| {2}`t| {3}" -f $Timestamp, $MessageLevel,$logApplicationHeader, $Message $MessageString | Out-File -FilePath $LogFile -Encoding utf8 -Append -ErrorAction SilentlyContinue - # $Color = @{ 0 = 'Green'; 1 = 'Cyan'; 2 = 'Yellow'; 3 = 'Red'} - # Write-Host -ForegroundColor $Color[$ErrorLevel] -Object ( $DateTime + $Message) } } @@ -77,7 +75,6 @@ try { } #endregion Error Handling Functions -#New-AccessKeys -RootAccessKey $args[0] -RootSecretKey $args[1] -IAMUser $args[2] -IAMUserAccessKey $args[3] -SecretId $args[4] -Url "https://ps01.thycotic.blue/secretserver" -UserName $args[5] -Password $args[6] #Begin Main Process try { From 9c62ca19a048f4a2edfd78a1b2ca501e4938bef3 Mon Sep 17 00:00:00 2001 
From: tylerezimmerman <100804646+tylerezimmerman@users.noreply.github.com> Date: Fri, 9 Feb 2024 15:41:20 -0600 Subject: [PATCH 2/4] AWS IAM Doc Updates --- .../AWS/AWS-IAM Users/Discovery/readme.md | 2 +- .../AWS/AWS-IAM Users/Instructions.md | 20 +++++++++---------- .../Remote Password Changer/readme.md | 6 +++--- .../AWS/AWS-IAM Users/Templates/readme.md | 0 .../SecretServer/AWS/AWS-IAM Users/readme.md | 2 +- 5 files changed, 15 insertions(+), 15 deletions(-) delete mode 100644 Scripts/SecretServer/AWS/AWS-IAM Users/Templates/readme.md diff --git a/Scripts/SecretServer/AWS/AWS-IAM Users/Discovery/readme.md b/Scripts/SecretServer/AWS/AWS-IAM Users/Discovery/readme.md index 42946f2..b635731 100644 --- a/Scripts/SecretServer/AWS/AWS-IAM Users/Discovery/readme.md +++ b/Scripts/SecretServer/AWS/AWS-IAM Users/Discovery/readme.md @@ -97,7 +97,7 @@ This scanner will scan AWS for administrative accounts. - Merge Fields: Leave Blank -- Script: Copy and paste the Script included in the file [AWS IAM User Discovery.ps2](./AWS%20IAM%20User%20Discovery.ps1) +- Script: Copy and paste the Script included in the file [AWS IAM User Discovery.ps1](./AWS%20IAM%20User%20Discovery.ps1) - Click Save diff --git a/Scripts/SecretServer/AWS/AWS-IAM Users/Instructions.md b/Scripts/SecretServer/AWS/AWS-IAM Users/Instructions.md index c5f7b54..5a4cd88 100644 --- a/Scripts/SecretServer/AWS/AWS-IAM Users/Instructions.md +++ b/Scripts/SecretServer/AWS/AWS-IAM Users/Instructions.md 
@@ -17,12 +17,12 @@ This connector utilizes a Service Account along with its Access Key and Secret. - View and Manage all users - View all group memberships - View all permission policy assignments -- Installation of AWS Tools PowerShell module install on all Secret Server Distributed Engines that will be involved in RPC and Discovery processes. For more information on AWS Tools click [here](https://www.powershellgallery.com/packages/AWS.Tools.IdentityManagement/) +- Installation of AWS Tools PowerShell module install on all Secret Server Distributed Engines that will be involved in RPC and Discovery processes. For more information on AWS Tools click [here](https://www.powershellgallery.com/packages/AWS.Tools.IdentityManagement/). ## Create AWS Service Account - Consult your AWS Administrator to create a user to be used as the Service Account. - Document the Access Key and Secret Key. -- Assign the permissions detailed in the [Prerequisites Section](#prerequisites) +- Assign the permissions detailed in the [Prerequisites Section](#prerequisites). ## Creating secret template for AWS Accounts @@ -34,8 +34,8 @@ The following steps are required to create the Secret Template for AWS Users: - Log in to the Delinea Secret Server (If you have not already done so) - Navigate to Admin / Secret Templates - Click on Create / Import Template -- Click on Import. -- Copy and Paste the XML in the [AWS User Advanced.xml File](./Templates/AWS%20User%20Advanced%20Template.xml) +- Click on Import +- Copy and Paste the XML in the [AWS User Advanced.xml file](./Templates/AWS%20User%20Advanced%20Template.xml) - Click on Save - This completes the creation of the User Account template 
@@ -46,8 +46,8 @@ The following steps are required to create the Secret Template for the AWS Privi - Log in to the Delinea Secret Server (If you have not already done so) - Navigate to Admin / Secret Templates - Click on Create / Import Template -- Click on Import. -- Copy and Paste the XML in the [AWS Service Account Advanced Privileged Template.xml File](./Templates/AWS%20Service%20Account%20Advanced%20Template.xml) +- Click on Import +- Copy and Paste the XML in the [AWS Service Account Advanced Privileged Template.xml file](./Templates/AWS%20Service%20Account%20Advanced%20Template.xml) - Click on Save - This completes the creation of the Privileged Account template 
@@ -57,19 +57,19 @@ The following steps are required to create the Secret Template for the AWS Privi - Log in to the Delinea Secret Server (If you have not already done so) - Navigate to Secrets - Click on Create Secret -- Select the AWS Service Account template created in the earlier step [Above](#aws-service-account-template). +- Select the AWS Service Account template created in the earlier step [above](#aws-service-account-template). - Fill out the required fields with the information from the application registration - Secret Name (for example AWS Service Account ) - The following field values are as created in the [Prerequisites Section](#prerequisites) - Username - Access Key - Secret Key - - Admin-Criteria - Comma Separated List of AWS Policies used to determine Admin Accounts (Policy Name=Policy arn + - Admin-Criteria - Comma Separated List of AWS Policies used to determine Admin Accounts (Policy Name=Policy, an example: Admin Access=arn:aws:iam::aws:policy/AdministratorAccess","Service-accounts,Custom Access=arn:aws:iam::aws:policy/CustomAccess" - - SVC-Account-Criteria Comma Separated List of AWS Groups used to determine Service Accounts + - SVC-Account-Criteria Comma Separated List of AWS Groups used to determine Service Accounts, example: Service-Accounts1,ServiceAccounts2 - Click Create Secret - - This completes the creation of a secret in Secret Server for the AWS Privileged Account +- This completes the creation of a secret in Secret Server for the AWS Privileged Account ## Next Steps diff --git a/Scripts/SecretServer/AWS/AWS-IAM Users/Remote Password Changer/readme.md b/Scripts/SecretServer/AWS/AWS-IAM Users/Remote Password Changer/readme.md index 1401ea7..85a2409 100644 --- a/Scripts/SecretServer/AWS/AWS-IAM Users/Remote Password Changer/readme.md +++ b/Scripts/SecretServer/AWS/AWS-IAM Users/Remote Password Changer/readme.md 
@@ -1,8 +1,8 @@ # AWS Remote Password Changer -**NOTE** AWS IAM User Password Changer does not support Heartbeats. If the password change fails an error will be reported +**NOTE** AWS IAM User Password Changer does not support Heartbeats. If the password change fails an error will be reported. -## Associate the Amazon IAM Console Password Privileged Account Remote Password Changer with the AWS IAM User template +## Associate the Amazon IAM Console Password Privileged Account Remote Password Changer with the AWS IAM User Template - Log in to the Delinea Secret Server - Navigate to Admin / Secret Templates - Click on the AWS User Advanced template created in the [instructions.md file](../Instructions.md) @@ -12,7 +12,7 @@ - Password Type to use: Select the Amazon IAM Console Password Privileged Account - Click on Save -## Associate AWS Service account to AWS secret +## Associate AWS Service Account to AWS Secret To be able to correctly use the password changer, the AWS Service account must be associated with the AWS IAM User secret. This can be done by following the steps below: - Log in to the Delinea Secret Server - Navigate to Secrets diff --git a/Scripts/SecretServer/AWS/AWS-IAM Users/Templates/readme.md b/Scripts/SecretServer/AWS/AWS-IAM Users/Templates/readme.md deleted file mode 100644 index e69de29..0000000 diff --git a/Scripts/SecretServer/AWS/AWS-IAM Users/readme.md b/Scripts/SecretServer/AWS/AWS-IAM Users/readme.md index db6b0db..3fe4a4c 100644 --- a/Scripts/SecretServer/AWS/AWS-IAM Users/readme.md +++ b/Scripts/SecretServer/AWS/AWS-IAM Users/readme.md 
@@ -1,6 +1,6 @@ # AWS Delinea Secret Server Integration -This package is designed to discover and Manage AWS User Accounts. It will provide detailed instructions and the necessary Scripts to perform these functions. Before beginning to implement any of the specific processes it is a requirement to perform the tasks contained in the instructions.md document which can be found [Here](./Instructions.md) +This package is designed to discover and manage AWS User Accounts. It will provide detailed instructions and the necessary scripts to perform these functions. Before beginning to implement any of the specific processes it is a requirement to perform the tasks contained in the instructions.md document which can be found [here](./Instructions.md). ## Connector Functions From 80a184765fb34d650e605447ce576c5b6e3e87d3 Mon Sep 17 00:00:00 2001 From: tylerezimmerman <100804646+tylerezimmerman@users.noreply.github.com> Date: Fri, 9 Feb 2024 15:52:44 -0600 Subject: [PATCH 3/4] AdobeSign Code Cleanup --- .../AdobeSign/Discovery/AdobeSign Discovery.ps1 | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/Scripts/SecretServer/AdobeSign/Discovery/AdobeSign Discovery.ps1 b/Scripts/SecretServer/AdobeSign/Discovery/AdobeSign Discovery.ps1 index cf4ae3b..dbee3cd 100644 --- a/Scripts/SecretServer/AdobeSign/Discovery/AdobeSign Discovery.ps1 +++ b/Scripts/SecretServer/AdobeSign/Discovery/AdobeSign Discovery.ps1 @@ -1,4 +1,3 @@ -$args = @("Default","api.na1.adobesign.com", "3AAABLblqZhDgUgDAXcpI9wbn1uaA0L_EvnsFST0qfWWxyKZOB9R8m6txuMYii2rK9saXwv2RlFRUmA7icf5pYOpO6JK_AXbP","true","ServiceAccounts=CBJCHBCAABAADKXZhgQc1ZiSl3WydXp9KbAFLPdSF4Qm") #region define variables #Define Argument Variables 
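Review bot: The `$args = @(...)` line deleted at the top of `AdobeSign Discovery.ps1` held what appear to be an Adobe Sign integration key and a service-account identifier as string literals, and deleting the line leaves both readable in the repository history and in this patch. Unless the values were test data, the key should be treated as exposed: revoke it in Adobe Sign and issue a replacement that is stored only in the Secret Server secret. If they were test data, stating that in the commit message would close the question. A secret-scanning check in CI or a pre-commit hook would keep debug overrides like this from being committed again.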
@@ -42,8 +41,6 @@ function Write-Log { # Write Log data $MessageString = "{0}`t| {1}`t| {2}`t| {3}" -f $Timestamp, $MessageLevel,$logApplicationHeader, $Message $MessageString | Out-File -FilePath $LogFile -Encoding utf8 -Append -ErrorAction SilentlyContinue - # $Color = @{ 0 = 'Green'; 1 = 'Cyan'; 2 = 'Yellow'; 3 = 'Red'} - # Write-Host -ForegroundColor $Color[$ErrorLevel] -Object ( $DateTime + $Message) } } #endregion Error Handling Functions @@ -296,8 +293,6 @@ catch { $headers = @{ "Authorization" = "Bearer $accessToken" - #"Accept" = "application/json, application/xml" - #"Content-Type" = "application/json, application/xml" } Write-Log -Errorlevel 0 -Message "Obtaining List of URIs" @@ -365,10 +360,7 @@ while ($null -ne $pageObj.nextCursor) { #region Main Process -<# - if Discovery Mode is set to default, only retreive local administrators will be run -#> - +#if Discovery Mode is set to default, only retreive local administrators will be run $adminAccounts = New-Object System.Collections.ArrayList $adminuser = New-Object -TypeName PSObject From 6744e40479aea4042286a1d23081888ec1ab7280 Mon Sep 17 00:00:00 2001 From: tylerezimmerman <100804646+tylerezimmerman@users.noreply.github.com> Date: Fri, 9 Feb 2024 15:59:52 -0600 Subject: [PATCH 4/4] Adobe Sign Doc Updates --- .../SecretServer/AdobeSign/Instructions.md | 72 +++---------------- .../AdobeSign/RemotePasswordChanger/readme.md | 4 +- .../AdobeSign/Templates/readme.md | 0 Scripts/SecretServer/AdobeSign/readme.md | 16 +---- 4 files changed, 13 insertions(+), 79 deletions(-) delete mode 100644 Scripts/SecretServer/AdobeSign/Templates/readme.md diff --git a/Scripts/SecretServer/AdobeSign/Instructions.md b/Scripts/SecretServer/AdobeSign/Instructions.md index e40c672..6022b64 100644 --- a/Scripts/SecretServer/AdobeSign/Instructions.md +++ b/Scripts/SecretServer/AdobeSign/Instructions.md 
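Review bot: The one-line comment added in the last hunk of `AdobeSign Discovery.ps1`, just above `$adminAccounts = New-Object System.Collections.ArrayList`, keeps the misspelling "retreive" and a sentence that does not parse ("only retreive local administrators will be run"). Something like `# If Discovery Mode is set to Default, only local administrators are retrieved.` would read cleanly. The code that tests the discovery mode is outside the hunk, so the wording should be confirmed against it.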
@@ -1,63 +1,21 @@ -Adobe Acrobat Sign Connector base configuration - - - +# Adobe Acrobat Sign Connector base configuration This connector provides the following functions - - - - Discovery of Local Accounts - Discovery of Account Admin Accounts - Discovery of Service Accounts - - - Follow the Steps below to complete the base setup for the Connector. - - - ## Prepare Authentication - - - -## Adobe Sign Integration Key - - - +### Adobe Sign Integration Key This connector utilizes Adobe Sign integration key to authenticate API calls. - - - -Follow the instruction to create and Integration Key. - - - -[here] (https://helpx.adobe.com/sign/kb/how-to-create-an-integration-key.html) - -​ - +Follow the instruction to create and Integration Key [here](https://helpx.adobe.com/sign/kb/how-to-create-an-integration-key.html). ### Prerequisites - - - - Access to a Adobe Sign instance with administrative privileges. - - A generated Adobe Sign Integration Key - - ## Creating secret template for Adobe Sign Accounts - - - ### Adobe Sign User Account Template - - - The following steps are required to create the Secret Template for ServiceNow Users: - - - Log in to the Delinea Secret Server (If you have not already done so) - Navigate to Admin / Secret Templates 
@@ -66,21 +24,15 @@ The following steps are required to create the Secret Template for ServiceNow Us - Click on Import. -- Copy and Paste the XML in the [Adobe Sign Account.xml File](./Templates/Adobe%20Sign%20Account.xml) +- Copy and Paste the XML in the [Adobe Sign Account.xml file](./Templates/Adobe%20Sign%20Account.xml) - Click on Save - This completes the creation of the User Account template - - -### Adobe Sign Integration Key Template +### Adobe Sign Integration Key Template - - -The following steps are required to create the Secret Template for Adobe Sign Integration Key: - - +The following steps are required to create the Secret Template for Adobe Sign Integration Key: - Log in to the Delinea Secret Server (If you have not already done so) @@ -90,13 +42,11 @@ The following steps are required to create the Secret Template for Adobe Sign In - Click on Import. -- Copy and Paste the XML in the [Adobe Sign Integration Key.xml File](./Templates/Adobe%20Sign%20Integration%20Key.xml) +- Copy and Paste the XML in the [Adobe Sign Integration Key.xml file](./Templates/Adobe%20Sign%20Integration%20Key.xml) - Click on Save -- This completes the creation of the Integration Key template - - +- This completes the creation of the Integration Key template ## Create Secret in Secret Server for the Adobe Sign Privileged Account @@ -107,7 +57,7 @@ The following steps are required to create the Secret Template for Adobe Sign In - Click on Create Secret -- Select the template created in the earlier step [Above](#adobe-sign-integration-key-template). +- Select the template created in the earlier step [above](#adobe-sign-integration-key-template). - Fill out the required fields with the information from the application registration 
@@ -128,10 +78,6 @@ Example: - This completes the creation of a secret in Secret Server for the Adobe Sign Privilaged Account - - ## Next Steps - - Once the tasks above are completed you can now proceed to create a [Discovery Scanner](./Discovery/readme.md) \ No newline at end of file diff --git a/Scripts/SecretServer/AdobeSign/RemotePasswordChanger/readme.md b/Scripts/SecretServer/AdobeSign/RemotePasswordChanger/readme.md index 093a7b8..51cd410 100644 --- a/Scripts/SecretServer/AdobeSign/RemotePasswordChanger/readme.md +++ b/Scripts/SecretServer/AdobeSign/RemotePasswordChanger/readme.md @@ -23,7 +23,7 @@ If you have not already done, so, please follow the steps in the **Instructions. - **Merge Fields**: Leave Blank - **Script**: Copy and paste the Script included in the file [Adobe Sign RPC Placeholder.ps1](./Adobe%20Sign%20RPC%20Placeholder.ps1) - Click Save - - This completes the creation of the Remote Password Changing Script +- This completes the creation of the Remote Password Changing Script ### Heartbeat Script @@ -39,7 +39,7 @@ If you have not already done, so, please follow the steps in the **Instructions. - **Merge Fields**: Leave Blank - **Script**: Copy and paste the Script included in the file [Adobe Sign Heartbeat Placeholder.ps1](./Adobe%20Sign%20Heartbeat%20Placeholder.ps1) - Click Save - - This completes the creation of the Adobe Sign Heartbeat Script +- This completes the creation of the Adobe Sign Heartbeat Script ## Create Password Changer diff --git a/Scripts/SecretServer/AdobeSign/Templates/readme.md b/Scripts/SecretServer/AdobeSign/Templates/readme.md deleted file mode 100644 index e69de29..0000000 diff --git a/Scripts/SecretServer/AdobeSign/readme.md b/Scripts/SecretServer/AdobeSign/readme.md index ceb813c..b28aa8d 100644 --- a/Scripts/SecretServer/AdobeSign/readme.md +++ b/Scripts/SecretServer/AdobeSign/readme.md 
@@ -1,23 +1,11 @@ # Adobe Acrobat Sign Delinea Secret Server Integration - - - -This package is designed to discover Adobe Acrobat Sign Accounts. It will provide detailed instructions and the necessary Scripts to perform these functions. Before beginning to implement any of the specific processes it is a requirement to perform the tasks contained in the instructions.md document which can be found [Here](./Instructions.md) - - +This package is designed to discover Adobe Acrobat Sign Accounts. It will provide detailed instructions and the necessary Scripts to perform these functions. Before beginning to implement any of the specific processes it is a requirement to perform the tasks contained in the instructions.md document which can be found [here](./Instructions.md) ## Functionality - - - - Discovery of Local accounts including the ability to determine Admin, Service and Local accounts (in Advanced Mode) - - -NOTE - Adobe Sign does not support Remote Password changing or Heartbeat. There is a placeholder script along with instructions that can be used to create a "Place holder/Mock" password changer that will allow the importing of discovered accounts. +NOTE - Adobe Sign does not support Remote Password Changing or Heartbeat. There is a placeholder script along with instructions that can be used to create a "Place holder/Mock" password changer that will allow the importing of discovered accounts. # Disclaimer - - The provided scripts are for informational purposes only and are not intended to be used for any production or commercial purposes. You are responsible for ensuring that the scripts are compatible with your system and that you have the necessary permissions to run them. The provided scripts are not guaranteed to be error-free or to function as intended. The end user is responsible for testing the scripts thoroughly before using them in any environment. 
The authors of the scripts are not responsible for any damages or losses that may result from the use of the scripts. The end user agrees to use the provided scripts at their own risk. Please note that the provided scripts may be subject to change without notice. \ No newline at end of file