Introduction
Credentials can be one of several types: snmp1/2, snmpv3, ssh, ssh key and windows are all implemented. CAVEAT - SSH keys are not yet implemented for Open-AudIT servers running on Windows.
How Does it Work?
Credentials are stored in the "credentials" database table. The actual credential information is encrypted in storage. When a Discovery is run, a device has its credentials retrieved and tested for connection first. If these fail, the list of credentials is also tested against the device. Working credentials are stored at an individual device level in the "credential" table (note - no 's' in the table name). SSH keys are tested before SSH username / password. When testing SSH, credentials will also be marked as working with sudo or being root.
Creating Credentials
To make another credential entry, go to menu -> Admin -> Credentials -> Create Credentials (in Open-AudIT Enterprise, menu -> System -> Credentials -> Create Credentials). Provide a name and optionally a description. Choose a type of credential. Once you do this, the additional fields will populate with the available configurable options.
Viewing Credential Details
Go to menu -> Admin -> Credentials -> List Credentials.
You will see a list of available credentials. You can view a credential by clicking on its ID (in green). You can also edit or delete the credential.
Database Schema
CREATE TABLE `credentials` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `name` varchar(200) NOT NULL DEFAULT '',
  `description` text NOT NULL,
  `type` enum('aws','basic_auth','cim','ipmi','mysql','netapp','other','snmp','snmp_v3','sql_server','ssh','ssh_key','vmware','web','windows') NOT NULL DEFAULT 'other',
  `credentials` text NOT NULL,
  `org_id` int(10) unsigned NOT NULL DEFAULT '1',
  `edited_by` varchar(200) NOT NULL DEFAULT '',
  `edited_date` datetime NOT NULL DEFAULT '2000-01-01 00:00:00',
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
Example Database Entry
Credentials are stored in the database in the "credentials" table. A typical entry will look as below.
NOTE - org_id is not used at present.
id: 26
name: Mark at home
description:
type: ssh
credentials: 12389RdkKYFQrwZF3bfBeHSyHhAXdIbh2i22MsSdsnpCO72lQGoRnlpKfW+AETgmCOhIAe3NQmRucMncsaGTyeczshUCuv1iqTuk8ZT3sHyGkDPkq/FiX1z6guUL123/
org_id: 0
edited_by: Administrator
edited_date: 2016-08-04 08:54:10
API / Web Access
You can access the /credentials collection using the normal Open-AudIT JSON based API, just like any other collection. Please see the API documentation for further details.
When requesting the details of a credentials entry via the API, the credentials section will be decrypted.
API Routes
Request Method | ID | Action | Resulting Function | Permission Required | URL Example | Notes | Example Response |
---|---|---|---|---|---|---|---|
POST | n | create | | credentials::create | /credentials | Insert a new credentials entry. | credentials_create.json |
GET | y | read | | credentials::read | /credentials/{id} | Returns the details of a credentials entry. | credentials_read.json |
PATCH | y | update | | credentials::update | /credentials/{id} | Update an attribute of a credentials entry. | credentials_patch.json |
DELETE | y | delete | | credentials::delete | /credentials/{id} | Delete a credentials entry. | credentials_delete.json |
GET | n | collection | | credentials::read | /credentials | Returns a list of credentials. | credentials_collection.json |
Web Application Routes
Request Method | ID | Action | Resulting Function | Permission Required | URL Example | Notes |
---|---|---|---|---|---|---|
GET | n | create | create_form | credentials::create | /credentials/create | Displays a standard web form for submission to POST /credentials. |
GET | y | update | update_form | credentials::update | /credentials/{id}/update | Show the credentials details with the option to update attributes using PATCH to /credentials/{id}. |
GET | n | import | import_form | credentials::create | /credentials/import | Displays a standard web form for submission to POST /credentials/import. |
POST | n | import | import | credentials::create | /credentials/import | Import multiple credentials using a CSV. |
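Because a read of /credentials/{id} returns the decrypted credentials section, requests to these routes are worth auditing. The following is an added example, not Open-AudIT code: it classifies web-server access-log lines by the API routes listed above and flags clients that successfully read many distinct credential IDs. The log format, the sample lines and the max_reads threshold are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines; the common log format is an assumption.
SAMPLE_LOG = """\
10.0.0.5 - admin [04/Aug/2016:08:54:10 +0000] "GET /credentials HTTP/1.1" 200 5120
10.0.0.5 - admin [04/Aug/2016:08:55:02 +0000] "PATCH /credentials/26 HTTP/1.1" 200 310
10.0.0.9 - svc [04/Aug/2016:09:01:00 +0000] "GET /credentials/1 HTTP/1.1" 200 812
10.0.0.9 - svc [04/Aug/2016:09:01:01 +0000] "GET /credentials/2 HTTP/1.1" 200 799
10.0.0.9 - svc [04/Aug/2016:09:01:02 +0000] "GET /credentials/26 HTTP/1.1" 200 805
10.0.0.9 - svc [04/Aug/2016:09:01:03 +0000] "GET /credentials/27 HTTP/1.1" 403 120
10.0.0.7 - - [04/Aug/2016:09:05:00 +0000] "POST /credentials/import HTTP/1.1" 200 64
10.0.0.7 - - [04/Aug/2016:09:06:00 +0000] "GET /credentials/create HTTP/1.1" 200 2048
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')
# Any path prefix before /credentials is tolerated (deployment-specific).
PATH = re.compile(r'/credentials(?:/(\d+|import))?/?(?:\?.*)?$')

# (method, kind of path tail) -> action name, taken from the routes tables.
ACTIONS = {("POST", None): "create", ("GET", "id"): "read",
           ("PATCH", "id"): "update", ("DELETE", "id"): "delete",
           ("GET", None): "collection", ("POST", "import"): "import"}

def classify(method, path):
    m = PATH.search(path)
    if not m:
        return None, None  # web forms such as /credentials/create land here
    tail = m.group(1)
    kind = None if tail is None else ("import" if tail == "import" else "id")
    return ACTIONS.get((method, kind)), (tail if kind == "id" else None)

def audit(log_text, max_reads=2):
    counts = defaultdict(Counter)   # client -> action -> number of requests
    read_ids = defaultdict(set)     # client -> credential IDs read with a 200
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        client, method, path, status = m.groups()
        action, cred_id = classify(method, path)
        if action is None:
            continue
        counts[client][action] += 1
        if action == "read" and status == "200":
            read_ids[client].add(cred_id)  # decrypted secret was returned
    flagged = sorted(c for c, ids in read_ids.items() if len(ids) > max_reads)
    return counts, read_ids, flagged
```

Calling audit(SAMPLE_LOG) returns the per-client action counts, the credential IDs each client read successfully, and the list of clients over the threshold.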