@JimmyJamTQBD
Last active April 17, 2020 19:59
<div hidden>
```
@startuml CyberArkDiscovery
control "Venafi\nDiscovery Module" #orangered
entity "Venafi\nTPP" #orange
entity "CyberArk\nDiscovery Module" #dodgerblue
database "Vault" #darkblue
== Authentication ==
"Venafi\nDiscovery Module" -[#green]> "CyberArk\nDiscovery Module" : Basic Auth with Discovered DeviceGuids
note right: Body:\n{"deviceGUIDs": ["1234abcd-ef56-gh78-0000-1234abcd123abc"]}
"CyberArk\nDiscovery Module" -[#green]> "Vault" : Relay username/password to Auth directly to Vault
"Vault" -[#green]> "CyberArk\nDiscovery Module" : Authentication Token
' "CyberArk\nDiscovery Module" -[#green]> "Venafi\nDiscovery Module" : Authentication Token/'
' "Venafi\nDiscovery Module" -[#green]> "CyberArk\nDiscovery Module" : List of discovered DeviceGuids/'
"CyberArk\nDiscovery Module" -[#green]> "Vault" : Retrieve Venafi SDK Account using Credential Provider
"Vault" -[#green]> "CyberArk\nDiscovery Module" : Securely delivers SDK account info to code
"CyberArk\nDiscovery Module" -[#green]> "Venafi\nTPP" : Authentication Request to SDK
"Venafi\nTPP" -[#green]> "CyberArk\nDiscovery Module" : Response "API KEY"
== Processing ==
"CyberArk\nDiscovery Module" -[#green]> "Venafi\nTPP" : Call to KeyswithPrivateKeys endpoint w/ DeviceGuids
"Venafi\nTPP" -[#green]> "CyberArk\nDiscovery Module" : Array of KeySets
== Identify Key to Import ==
loop Iterate through Array
"CyberArk\nDiscovery Module" --[#green]> "CyberArk\nDiscovery Module" : Identify Privileged Keys based on DiscoveryConfig.yml parameter
note left: DiscoveryConfig stores the usernames that identify privileged accounts;\na second option matches "root" and variations of other known privileged usernames with\n(.*admin.*)|(.*root.*)|(.*superuser.*)|(.*supervisor.*)|(toor)|(baron)|(avatar)|(adm)|(wheel)
end
== Start Import Process ==
"CyberArk\nDiscovery Module" -[#green]> "Venafi\nTPP" : AddSelfServicePrivateKey w/ KeySetID
note right: FolderID is stored in DiscoveryConfig and requires Customer input\nCurrent enhancement plan:\na) Allow customers to modify fields for SelfServicePrivateKey\nb) Create FolderID with Config/Create API
"Venafi\nTPP" -[#green]> "CyberArk\nDiscovery Module" : Responds w/ KeyID
"CyberArk\nDiscovery Module" -[#green]> "Venafi\nTPP" : ExportSelfServicePrivateKey w/ KeyID
note right: Enhancement: Key Format
"Venafi\nTPP" -[#green]> "CyberArk\nDiscovery Module" : Private Key Content
"CyberArk\nDiscovery Module" -[#green]> "Vault" : Provision key into the Safe named by the customer in DiscoveryConfig
note left: Current Enhancement Plan:\nAdd extended properties for custom Platforms
"Vault" -[#green]> "CyberArk\nDiscovery Module" : KeySetID : boolean
"CyberArk\nDiscovery Module" -[#green]> "Venafi\nTPP" : [deleteFromSource] Optional /SSH/RemoveKey
"Venafi\nTPP" -[#green]> "CyberArk\nDiscovery Module" : Success : boolean
@enduml
```
</div>
![](CyberArkDiscovery.svg)
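Added example, not code from this Gist nor from the CyberArk/Venafi modules it diagrams: the "Identify Key to Import" loop in Python, driven by the two options the DiscoveryConfig note describes (an explicit username list, and the known-privileged regex copied verbatim from the note). The DiscoveryConfig field names, the KeySet JSON shape ("KeysetId", "PrivateKeys", "Username", "DeviceGuid") and the sample KeySet array are assumptions constructed for the example, not the Venafi SDK's documented response format.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, Iterable, List

# Regex copied from the "Identify Key to Import" note, compiled case-insensitively
# so that "Root" and "Administrator" are caught. It is applied with fullmatch()
# (see is_privileged) rather than search().
PRIVILEGED_USERNAME_PATTERN = re.compile(
    r"(.*admin.*)|(.*root.*)|(.*superuser.*)|(.*supervisor.*)"
    r"|(toor)|(baron)|(avatar)|(adm)|(wheel)",
    re.IGNORECASE,
)


@dataclass
class DiscoveryConfig:
    """Hypothetical in-memory view of DiscoveryConfig.yml; field names are assumed."""
    privileged_usernames: List[str] = field(default_factory=list)  # explicit list
    match_known_privileged_patterns: bool = False  # the "second option": the regex
    safe_name: str = ""   # CyberArk Safe the key is provisioned into
    folder_id: str = ""   # Venafi FolderID passed to AddSelfServicePrivateKey


def is_privileged(username: str, config: DiscoveryConfig) -> bool:
    """True if the username is in the customer's list or, when enabled, fully
    matches the known-privileged pattern. fullmatch is deliberate: the pattern
    already carries its own '.*' wildcards, and search() would let the bare
    alternatives ('adm', 'wheel') fire on names such as 'madman' or 'wheeler'."""
    explicit = {u.casefold() for u in config.privileged_usernames}
    if username.casefold() in explicit:
        return True
    if config.match_known_privileged_patterns:
        return PRIVILEGED_USERNAME_PATTERN.fullmatch(username) is not None
    return False


def select_keysets_to_import(keysets: Iterable[Dict], config: DiscoveryConfig) -> List[str]:
    """Iterate the KeySet array returned by TPP and return the KeySetIDs whose
    private key belongs to a privileged username (the import step then calls
    AddSelfServicePrivateKey with each of these). KeySet shape is assumed."""
    selected: List[str] = []
    for keyset in keysets:
        owners = [pk.get("Username", "") for pk in keyset.get("PrivateKeys", [])]
        if any(is_privileged(owner, config) for owner in owners):
            selected.append(keyset["KeysetId"])
    return selected


# Constructed sample input standing in for the "Array of KeySets" response.
SAMPLE_KEYSETS = [
    {"KeysetId": "ks-001", "PrivateKeys": [{"Username": "root", "DeviceGuid": "dev-a"}]},
    {"KeysetId": "ks-002", "PrivateKeys": [{"Username": "jsmith", "DeviceGuid": "dev-a"}]},
    {"KeysetId": "ks-003", "PrivateKeys": [{"Username": "Administrator", "DeviceGuid": "dev-b"},
                                           {"Username": "deploy", "DeviceGuid": "dev-b"}]},
    {"KeysetId": "ks-004", "PrivateKeys": [{"Username": "wheeler", "DeviceGuid": "dev-c"}]},
    {"KeysetId": "ks-005", "PrivateKeys": [{"Username": "svc_backup", "DeviceGuid": "dev-c"}]},
]

# Constructed config: one customer-listed service account plus the regex option.
SAMPLE_CONFIG = DiscoveryConfig(
    privileged_usernames=["svc_backup"],
    match_known_privileged_patterns=True,
    safe_name="DiscoveredSSHKeys",
    folder_id="example-folder-id",
)

if __name__ == "__main__":
    print(select_keysets_to_import(SAMPLE_KEYSETS, SAMPLE_CONFIG))
```

With the sample data, ks-001 (root), ks-003 (Administrator, via the case-insensitive `.*admin.*` branch) and ks-005 (listed explicitly) are selected; ks-004 is not, because `wheel` only matches the whole username under fullmatch. If a deployment wants substring semantics it should say so in the config rather than switch to search(), since that silently widens `adm` and `wheel` to any name containing them.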