Osirium PAM Osirium PAM: Static Vaults

Summary

This module contains actions for reading static vault information from PAM.

Supported Versions

This plugin supports PAM versions 6.5.0 & newer.

Remember

You must have a PAM Appliance provisioned as a Vault inside PPA to use this plugin.

Actions

pam.static_vaults.

get_all

Get all static vaults from the PAM appliance.

Minimum Plugin Version: 1.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

Output

A list of StaticVaults.

Example
1
2
3
- pam.static_vaults.get_all:
    pam_address: pam.internal.net
  save: all_static_vaults

pam.static_vaults.

get_by_id

Get a static vault using its ID.

Minimum Plugin Version: 1.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

vault_id: the ID of the Static Vault

Output

A single StaticVault.

Example
1
2
3
4
- pam.static_vaults.get_by_id:
    pam_address: pam.internal.net
    vault_id: 2
  save: static_vault

pam.static_vaults.

get_by_name

Get a static vault using its name.

Minimum Plugin Version: 1.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

name: the name of the Static Vault

Output

A single StaticVault.

Example
1
2
3
4
- pam.static_vaults.get_by_name:
    pam_address: pam.internal.net
    name: Cloud Secrets
  save: static_vault

pam.static_vaults.

input_table

Display static vaults in a table, & allow the task operator to make a selection.

The table will have the following columns:

  • Name
  • Device Count

Minimum Plugin Version: 1.0.0

Input
  • text: The title of the table

  • static_vaults: a single or list of StaticVaults to display in the table

  • minimum: The minimum number of acceptable selections

  • maximum: The maximum number of acceptable selections

Output

A list of StaticVaults.

Tip
  • If neither a minimum or maximum is provided, the task operator will be able to submit 0 selections.

  • If minimum or maximum are provided, the operation will repeat until the task operator makes a valid number of selections.

Example
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
- pam.static_vaults.get_all:
    pam_address: pam.internal.net
  save: all_static_vaults

- pam.static_vaults.input_table:
    text: Select a Static Vault
    minimum: 1
    maximum: 1
  load:
    static_vault_list: all_static_vaults
  save: selected_static_vaults

pam.static_vaults.

output_table

Display static vaults in a table.

The table will have the following columns:

  • Name
  • Device Count

Minimum Plugin Version: 1.0.0

Input
  • text: the title of the table

  • static_vaults: a single or list of StaticVaults to display in the table

Output

Nothing is outputted by this action.

Example
1
2
3
4
5
6
7
8
- pam.static_vaults.get_all:
    pam_address: pam.internal.net
  save: all_static_vaults

- pam.static_vaults.output_table:
    text: All Static Vaults
  load:
    static_vaults: all_static_vaults

pam.static_vaults.

reveal_account_by_name

Reveal a static vault account's secrets using the account name.

Minimum Plugin Version: 1.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

vault_id: the ID of the Static Vault

account_name: the name of the Static Vault account

Output

A single Secret.

Example
1
2
3
4
5
- pam.static_vaults.reveal_account_by_name:
    pam_address: pam.internal.net
    vault_id: 3
    account_name: api_key
  save: secret

pam.static_vaults.

Search for static vaults in the PAM appliance.

Minimum Plugin Version: 1.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

queries: a list of Queries to use in the search

Output

A list of StaticVaults.

Example

Find all static vaults with 1 or more devices:

1
2
3
4
5
6
7
- pam.static_vaults.search:
    pam_address: pam.internal.net
    queries:
      - attribute: device_count
        query: greater_than
        value: 0
  save: static_vaults

Wildcard Queries

You can use the % character as a wildcard in the value of each query.