Password Manager Pro Plugins for Chef and Puppet
Chef
- Introduction to Chef
- Steps to set up the Password Manager Pro plugin for Chef
Puppet
- Introduction to Puppet
- Steps to set up the Password Manager Pro plugin for Puppet
Sample Code
- Sample code to fetch resource and account details using the Password Manager Pro plugin
- Sample code to fetch the password using the Password Manager Pro plugin
Chef
1. Introduction to Chef
Chef is a Ruby-based configuration management tool that provides a way to define infrastructure as code (IaC), so that infrastructure is managed by writing code rather than through manual processes. Chef operates using a client-server architecture.
The Password Manager Pro lookup plugin developed for Chef helps improve security and ease of Password Management in an organization's DevOps pipeline. Once imported into Chef, the Password Manager Pro plugin can fetch credentials and account information directly from the Password Manager Pro vault during Chef cookbook runtime, thus eliminating the need to use hard-coded credentials. Upon secure retrieval, the credentials can then be used for actions such as connecting to a remote host. The credentials stored in Password Manager Pro are regularly rotated in the vault and also updated in the respective remote device; this ensures that only the latest passwords or keys are retrieved from the vault when the Chef plugin is invoked.
2. Steps to Set Up the Password Manager Pro Plugin for Chef
The following are the steps to set up and manage sensitive credentials in Chef with Password Manager Pro.
- Enabling Chef integration in Password Manager Pro.
- Invoking the Password Manager Pro plugin in the Chef cookbooks.
2.1 Enabling Chef Integration in Password Manager Pro
- Log into Password Manager Pro and navigate to Admin >> Integration >> CI/CD Platform Integration.
- Click the Chef option.
- In the CI/CD Platform Integration window, click Generate to populate an AUTH Token automatically. This will be required later while invoking the plugin in the Chef cookbooks. Once set up, all incoming connections from Chef will be validated by Password Manager Pro using this AUTH token.
- Enter the username of an active Password Manager Pro user. Password Manager Pro will map the auth token to this user account, and the account will be used to retrieve the required passwords from Password Manager Pro's vault. Once Password Manager Pro maps the auth token to this user, the resources owned by or shared with this user can also be accessed using this auth token.
- Click Enable.
Note: Ensure that the Password Manager Pro user account you provide has only the minimum permissions required for this workflow, i.e., the privilege to view/retrieve the passwords of the resources that Chef has to connect to. The passwords of resources owned by and shared with this user are the only credentials that Chef will have access to in Password Manager Pro.
2.2 Invoking the Password Manager Pro Plugin in Chef
Import Password Manager Pro's Ruby gem into your Chef cookbooks by executing the following:
2.2.i Initialize the Password Manager Pro Class Object with Credentials
Syntax: gemData = PasswordManagerProGem.new("Hostname", "Auth token", Path, port number)
Wherein,
- Host name = The Password Manager Pro hostname of the account whose username was provided in Step 2.1.
- Auth Token = The respective auth token generated in Step 2.1.
- Path = Path to SSL certificate of the Password Manager Pro server.
- Port number = The port number used for your Password Manager Pro server. You need to specify this only if the port used is not the default Password Manager Pro port 7272.
2.2.ii Methods To Be Applied to the Chef Cookbook to Invoke the Password Manager Pro Plugin
gemData.getAccountPassword("resource name","account name")
This method fetches the account password as a string.
gemData.getAccountDetails("resource name","account name")
This method returns the resource details and the account details as an array in JSON format.
Puppet
1. Introduction to Puppet
Puppet is a Ruby-based configuration management tool similar to Chef. Puppet also operates using a client-server architecture in which the Master and Slave communicate through a secure encrypted channel with the help of SSL. Puppet is mainly used for deploying, configuring and managing servers. Similar to Chef, the Password Manager Pro lookup plugin can retrieve passwords from Password Manager Pro's vault when invoked.
2. Steps to Set Up the Password Manager Pro Plugin for Puppet
The following are the steps to set up and manage sensitive credentials in Puppet with Password Manager Pro.
- Enabling Puppet integration in Password Manager Pro.
- Invoking the Password Manager Pro plugin in Puppet.
2.1 Enabling Puppet Integration in Password Manager Pro
- Log into Password Manager Pro and navigate to Admin >> Integration >> CI/CD Platform Integration.
- Click the Puppet option.
- In the CI/CD Platform Integration window, click Generate to populate an AUTH Token automatically. This will be required later while invoking the plugin in Puppet. Once set up, all incoming connections from Puppet will be validated by Password Manager Pro using this AUTH token.
- Enter the username of an active Password Manager Pro user. Password Manager Pro will map the auth token to this user account, and the account will be used to retrieve the required passwords from Password Manager Pro's vault. Once Password Manager Pro maps the auth token to this user, the resources owned by or shared with this user can also be accessed using this auth token.
- Click Enable.
Note: Ensure that the Password Manager Pro user account you provide has only the minimum permissions required for this workflow, i.e., the privilege to view/retrieve the passwords of the resources that Puppet has to connect to. The passwords of resources owned by and shared with this user are the only credentials that Puppet will have access to in Password Manager Pro.
2.2 Invoking the Password Manager Pro Plugin in Puppet
Import Password Manager Pro's Ruby gem into Puppet by executing the following:
2.2.i Initialize the Password Manager Pro Class Object with Credentials
Syntax: gemData = PasswordManagerProGem.new("Hostname", "Auth token", Path, port number)
Wherein,
- Host name = The Password Manager Pro hostname of the account whose username was provided in Step 2.1.
- Auth Token = The respective auth token generated in Step 2.1.
- Path = Path to SSL certificate of the Password Manager Pro server.
- Port number = The port number used for your Password Manager Pro server. You need to specify this only if the port used is not the default Password Manager Pro port 7272.
2.2.ii Methods To Be Applied to Puppet to Invoke the Password Manager Pro Plugin
getAccountPassword(resourceName,AccountName)
This method fetches the account password as a string.
getAccountDetails(resourceName,AccountName)
This method returns the resource details and the account details as an array in JSON format.
Sample Code
1. Sample Code to Fetch Resource and Account Details using the Password Manager Pro Plugin
The following sample input and the corresponding sample output show how to fetch the resource and account details using the Password Manager Pro plugin. The sample code is the same for both Chef and Puppet.
Sample Input
gem 'PasswordManagerPro_Gem'
require 'PasswordManagerPro_Gem'
gemData = PasswordManagerProGem.new("localhost","060CCDB8-71A0-4B8B-AC57-XXXXX","/home/local/user/servercertificate")
# resourcename = Windows accountname = useraccount1
puts("resourcedetails\n")
# result[0] holds the resource details, result[1] the account details
result = gemData.getAccountDetails("Windows","useraccount1")
puts(result[0])
puts("accountdetails\n")
puts(result[1])
Sample Output
resource details
{"RESOURCE_ID":1,"RESOURCE_NAME":"Windows","RESOURCE_DESCRIPTION":"","OPERATINGSYSTEM":"Windows","DNSNAME":"","DEPARTMENT":"","LOCATION":"","RESOURCE_URL":""}
account details
{"ACCOUNTNAME":"useraccount1","PASSWORD":"Test@123"}
2. Sample Code to Fetch the Password using the Password Manager Pro Plugin
The following sample input and the corresponding sample output show how to fetch the password using the Password Manager Pro plugin. The sample code is the same for both Chef and Puppet.
Sample Input
gem 'PasswordManagerPro_Gem'
require 'PasswordManagerPro_Gem'
gemData = PasswordManagerProGem.new("localhost","060CCDB8-71A0-4B8B-AC57-XXXXX","/home/local/user/servercertificate")
# resourcename = Windows accountname = useraccount1
puts("accountpassword\n")
puts(gemData.getAccountPassword("Windows","useraccount1"))
Sample Output
accountpassword: Test@123
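The samples above pass the auth token as a string literal and print the retrieved password. As an added example (not part of the original page or of the Password Manager Pro gem), the following Ruby helpers read the connection settings from environment variables, pass the port only when it differs from 7272, and redact the PASSWORD field before the details are logged. The variable names PMP_HOST, PMP_AUTH_TOKEN, PMP_CERT_PATH and PMP_PORT, the helper names, and the assumption that getAccountDetails returns JSON strings or hashes are illustrative.

```ruby
require 'json'

DEFAULT_PMP_PORT = 7272 # default port stated on this page

# Build the constructor arguments in the order the page documents:
# hostname, auth token, certificate path, and port only when non-default.
# PMP_HOST, PMP_AUTH_TOKEN, PMP_CERT_PATH and PMP_PORT are hypothetical names.
def pmp_constructor_args(env = ENV)
  host  = env.fetch('PMP_HOST')
  token = env.fetch('PMP_AUTH_TOKEN')
  cert  = env.fetch('PMP_CERT_PATH')
  raise ArgumentError, 'PMP_AUTH_TOKEN is empty' if token.strip.empty?
  raise ArgumentError, "certificate not readable: #{cert}" unless File.readable?(cert)

  args = [host, token, cert]
  port = Integer(env.fetch('PMP_PORT', DEFAULT_PMP_PORT.to_s))
  args << port unless port == DEFAULT_PMP_PORT
  args
end

# Return a copy of getAccountDetails' result that is safe to log.
# Assumption: result[0] is the resource details and result[1] the account
# details, each either a JSON string or a Hash.
def redacted_account_details(result)
  resource, account = result.first(2).map do |item|
    item.is_a?(String) ? JSON.parse(item) : item.to_h.transform_keys(&:to_s)
  end
  account = account.merge('PASSWORD' => '[REDACTED]') if account.key?('PASSWORD')
  [resource, account]
end

# Fetch a password and hand it to the caller's block without printing it.
# client is any object exposing the page's getAccountPassword method.
def with_account_password(client, resource_name, account_name)
  password = client.getAccountPassword(resource_name, account_name)
  raise 'empty password returned' if password.nil? || password.to_s.empty?
  yield password
end

# Runs only where the gem is already loaded and the token is configured.
if defined?(PasswordManagerProGem) && ENV.key?('PMP_AUTH_TOKEN')
  client = PasswordManagerProGem.new(*pmp_constructor_args)
  puts redacted_account_details(client.getAccountDetails('Windows', 'useraccount1')).inspect
end
```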
For more information on Chef and Puppet, refer to the following links:
Chef: https://www.chef.io
Puppet: https://puppet.com/