Only check out PAM secrets used
#1
Currently, when syncing objects from Thycotic server (Delinea), it will check out all secrets in the folder being synced, meaning that nobody else can check them out and they're exclusively in your name.

I'd like this to work where you can view a list of secrets available and only check out the ones that you select, leaving the rest checked in, like you would if you were using the PAM web interface.

Thanks.
Reply
#2
Hi,

thanks for your suggestion - I just checked the API - there are optional parameters when reading the credentials

AutoCheckIn - AutoCheckOut - ForceCheckIn

Didn't know that in detail - would it make sense to try to use these parameters instead? We can try to set AutoCheckOut = false - or if that does not work - to set ForceCheckIn = true

What do you think - Selecting credentials to sync can also be implemented, but would take some more time...
Regards/Gruss
Oliver
Reply
#3
(26-01-2024, 02:21 PM)DevOma Wrote: Hi,

thanks for your suggestion - I just checked the API - there are optional parameters when reading the credentials

AutoCheckIn - AutoCheckOut - ForceCheckIn

Didn't know that in detail - would it make sense to try to use these parameters instead? We can try to set AutoCheckOut = false - or if that does not work - to set ForceCheckIn = true

What do you think - Selecting credentials to sync can also be implemented, but would take some more time...

Good Afternoon,

Thank you for your reply. I think setting autocheckout to false could work, how do I test this?

Additionally I do think selecting credentials to sync would be good but if the above can be done then this would be better, I'd like to have a list of all credentials available and be able to click on one of them to check them out and use them.

Thanks.
Reply
#4
You can't test it currently - I see that the API supports that setting - we need to implement - I guess all customers before had this feature deactivated :-)

I will update you as soon as I have something to test
Regards/Gruss
Oliver
Reply
#5
(29-01-2024, 04:48 PM)DevOma Wrote: You can't test it currently - I see that the API supports that setting - we need to implement - I guess all customers before had this feature deactivated :-)

I will update you as soon as I have something to test

Okay great - When can this be implemented?

Thanks.
Reply
#6
Will give you access to preview version in the next days...
Regards/Gruss
Oliver
Reply
#7
Okay great thank you.
Reply
#8
Send you PM with Download-Link
Regards/Gruss
Oliver
Reply
#9
I'm still experiencing issues with syncing these secrets, I have selected the folder that they're in but they're not showing in there.
Reply
#10
What options are set for these secrets? I can ask if we can set up similar settings in our environment - but I need the exact setup of these secrets...
Regards/Gruss
Oliver
Reply
#11
They're set to require check out, checkout interval is 2 days, change password on check in set to yes, require comment set to yes.
Reply
#12
I will try to set up the same in the next days - need to wait for our IT security team
Regards/Gruss
Oliver
Reply
#13
Okay thank you.
Reply
#14
Just to update you - I can reproduce your issue - now investigating how to solve that issue :-)
Regards/Gruss
Oliver
Reply
#15
Now I would like to get your ideas on how to implement - if secrets are restricted we can't get the details without checkout / comment.

Would it be ok to set "Checkout" manually? Like a context menu "Checkout Secret" - then a dialog is displayed where to enter your comment - checkout is done - then you should be able to use that cred for connecting to any destination - afterwards you can select "Checkin" in context menu.
Regards/Gruss
Oliver
Reply
#16
(08-03-2024, 03:42 PM)DevOma Wrote: Now I would like to get your ideas on how to implement - if secrets are restricted we can't get the details without checkout / comment.

Would it be ok to set "Checkout" manually? Like a context menu "Checkout Secret" - then a dialog is displayed where to enter your comment - checkout is done - then you should be able to use that cred for connecting to any destination - afterwards you can select "Checkin" in context menu.

Yes this sounds great - Would it also be possible to only see secrets that are not 'checked out', I think there should be an option in the API to see if a secret is checked out or not.

So either only show secrets that aren't checked out, or include a column in rocket remote to show if a secret is checked out or not?

This would be really helpful as currently we have to guess if it is checked out.

Thanks :)
Reply
#17
Is there any update on this?
Reply
#18
Yes - the next main release will be published in the next days - and it is implemented
Regards/Gruss
Oliver
Reply
#19
(19-03-2024, 01:24 PM)DevOma Wrote: Yes - the next main release will be published in the next days - and it is implemented

Okay thank you.
Reply
#20
Has the main release been published yet? If so can I have a link to this please?
Reply



