Skip to main content

Package to manage your Cyberark implementation

Project description

Bastion

This python package allow you to use high level functions with your Cyberark implementation

Usage

Connection

First define a configuration file

Connection:
  Username: Administrator #optional
  Password: "Cyberark1"   #optional
  Authtype: Cyberark      #optional, default = Cyberark
PVWA: "pvwa.acme.corp"    #mandatory parameter
CAFile: "/valid/path/to/base64_Root_CA.cer" #optional, if not specified cert is not verified
timeout: 30 #(seconds) optional, timeout for requests to PVWA, default = 30
retention: 10 #(days) optional, days of retention for objects in safe, default = 10
CPM: "PasswordManager" #optional, CPM to assign to safes, default = "" (no CPM)

Then in your python code, instantiate the EPV Class with your configuration file

import bastion

epv = EPV("/path/to/config.yml")

Then you call the login function to login to PVWA

epv.login()

If you didn't specified Connection parameters in configuration file, you can also call login function with these parameters

epv.login(username="Administrator", password="Cyberark1")

Note that if you are already logged in, epv.login() has no effect, but if your session is timed out it create a new token.

Once you are done, you can disconnect with logoff

epv.logoff()

Serialization

EPV objects can be serialized using "to_json" function, then deserialized using constructor. However, for security reasons, login and password are not stored in serialized object so you can't relogin after a timeout with a serialized object

epv = EPV("configfile")
json_epv = epv.to_json()

epv = EPV(serialized=json_epv)
epv.do_something()

Account Manipulation

We provide an object "PrivilegedAccount" that is used for account manipulation. His parameters are the same that Cyberark account representation so you can call constructor with the return of a get_account function unpacked

{
  "name": "string",
  "address": "string",
  "userName": "string",
  "platformId": "string",
  "safeName": "string",
  "secretType": "key",
  "secret": "string",
  "platformAccountProperties": {},
  "secretManagement": {
    "automaticManagementEnabled": true,
    "manualManagementReason": "string"
  },
  "remoteMachinesAccess": {
    "remoteMachines": "string",
    "accessRestrictedToRemoteMachines": true
  }
}

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for bastion-safepost, version 0.0.20
Filename, size File type Python version Upload date Hashes
Filename, size bastion-safepost-0.0.20.tar.gz (14.3 kB) File type Source Python version None Upload date Hashes View

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring DigiCert DigiCert EV certificate Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page