01-15-2019 07:57 PM
Hi,
In NSO I can configure hard-coded accounts and password to connect to devices (authgroups).
If I do not want that (our security team does not like that) and instead I have to keep device passwords in a system like HashiCorp Vault, how can this be integrated into NSO?
Typically I'd give NSO at startup time a one-time password which it would use to get a token out of Vault which it can use to get the passwords out of Vault. But I see no way to integrate this in NSO.
Am I missing something or is this simply not implemented and not (easily) implementable?
Is there maybe a hook to get a password out from an external system or Python/Java program instead of having it hard-coded in an authgroup configuration?
01-16-2019 12:03 AM - edited 01-16-2019 01:29 AM
01-16-2019 12:32 AM
It is not currently possible to do what you want, but it is a feature that will come in a future release. We have had this request from other customers as well.
I am not entirely sure which release it will be in or when that will be released. If someone from the product management team is watching, they might know.
01-16-2019 02:31 AM
Actually, I was behind the curve, it is included in nso-4.7.2, from the CHANGES file:
ncs: Authentication groups are extended to support action callbacks to
retrieve southbound user and credentials for a local user, device and
the authgroup that device belongs to.
(ENG-17868)
It is the 'callback-node' and 'action-name' settings in the umap or default-map configuration.