NexposeThycotic

The Nexpose Thycotic gem allows users to import credentials from Thycotic SecretServer into their Nexpose instance.

For assistance with using the gem, documentation, or issues, please email the Rapid7 support team at [email protected], including a description of the issue and log files.

Installation

Add this line to your application's Gemfile:

    gem 'nexpose_thycotic'

And then execute:

    $ bundle

Or install it yourself as:

    $ gem install nexpose_thycotic

Usage

Edit the nexpose_thycotic.config file in the /lib/nexpose_thycotic/config folder with a text editor. Nexpose and Thycotic configuration options can be set in this file or as environment variables.

  • Add a proper username/password for both Nexpose and SecretServer.
  • Add the URL for SecretServer webservice and URL for Nexpose, with optional port (defaults to 3780).
  • The logging level can also be modified.
  • Add the Site ID(s) to be managed by this integration, then save the file and run the integration on a schedule.

Run the following command from inside the bin folder:

    nexpose_thycotic

Encryption Settings

The usernames and passwords within the configuration files are automatically encrypted when the integration runs. The key and IV files used during encryption/decryption are saved within the config folder by default.

Setting Custom Locations for Encryption Files

To set custom locations for the key and IV files, update the following values within the encryption.config file:

  • key_filename - The absolute path to where the key file will be created.
  • iv_file - The absolute path to where the IV file will be created.

To set a custom path after the integration has already executed, the files must be moved to the new location manually.
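
Because the key and IV files sit in the config folder by default, the encrypted credentials are only as protected as the file permissions on those two files. The following added example (not part of the gem) audits the paths given as key_filename and iv_file, first in the default placement and then after the manual move described above. The function names, the demo.key and demo.iv file names and the temporary folders are constructed for illustration, and a POSIX file system is assumed.

```ruby
require 'tmpdir'
require 'fileutils'

# Audit the files named by key_filename and iv_file (encryption.config).
# Returns an array of findings; an empty array means nothing was flagged.
# Assumes a POSIX file system, where permission bits are meaningful.
def audit_encryption_files(config_dir, key_path, iv_path)
  cfg = File.realpath(config_dir)
  findings = []
  { 'key_filename' => key_path, 'iv_file' => iv_path }.each do |name, path|
    unless File.file?(path)
      findings << "#{name}: #{path} does not exist"
      next
    end
    mode = File.stat(path).mode & 0o777
    if (mode & 0o077) != 0
      findings << format('%s: mode %04o grants group/other access', name, mode)
    end
    dir = File.dirname(File.realpath(path))
    if (File.stat(dir).mode & 0o022) != 0
      findings << "#{name}: #{dir} is group- or world-writable"
    end
    findings << "#{name}: stored beside the encrypted config" if dir == cfg
  end
  findings
end

# Constructed layout in a temp dir: the default placement first, then the
# files moved by hand to a separate owner-only folder.
def demo
  Dir.mktmpdir do |root|
    config, keys = %w[config keys].map { |d| File.join(root, d) }
    [config, keys].each { |d| Dir.mkdir(d, 0o700) }
    files = %w[demo.key demo.iv].map { |f| File.join(config, f) }
    files.each { |f| File.write(f, 'constructed'); File.chmod(0o644, f) }
    default = audit_encryption_files(config, *files)
    moved = files.map { |f| File.join(keys, File.basename(f)) }
    files.zip(moved).each { |src, dst| FileUtils.mv(src, dst); File.chmod(0o600, dst) }
    [default, audit_encryption_files(config, *moved)]
  end
end

if __FILE__ == $PROGRAM_NAME
  default, hardened = demo
  puts 'Default layout:', default, "After move: #{hardened.length} finding(s)"
end
```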

Encrypting the Configuration without running the Integration

The Nexpose Thycotic integration can encrypt its configuration file without running the gem. This allows users to secure their login information for future use, for example in a cron schedule.

The command to do so is:

    nexpose_thycotic -e

or

    nexpose_thycotic --encrypt_config

License

The gem is available as open source under the terms of the MIT License.

Changelog

0.2.0

  • User may configure the gem to delete or preserve existing credentials.
  • A customisable comment is now attached to password retrieval requests.
  • Multiple credentials for the same address may be imported.

0.0.7

  • User now has the option to configure the gem using a configuration file as well as with environment variables. Nexpose and Thycotic options have been added to the configuration file.
  • Added an encryption configuration file. Usernames and passwords within the configuration file are now encrypted when the application runs.
  • Command line options have been added to the gem. Several are common to all Nexpose gem integrations. Call the gem with '-h' or '--help' to view these options.
  • Breaking change: Environment variables NEXPOSE_PASS and THYCOTIC_PASS have been renamed to NEXPOSE_PASSWORD and THYCOTIC_PASSWORD respectively.