Last active
April 17, 2020 19:59
Gist JimmyJamTQBD/1373f7c7b937b3e9167d3aa6fa7ad37b
<div hidden>
```
@startuml CyberArkDiscovery
control "Venafi\nDiscovery Module" #orangered
entity "Venafi\nTPP" #orange
entity "CyberArk\nDiscovery Module" #dodgerblue
database "Vault" #darkblue
== Authentication ==
"Venafi\nDiscovery Module" -[#green]> "CyberArk\nDiscovery Module" : Basic Auth with Discovered DeviceGuids
note right: Body:\n{"deviceGUIDs": ["1234abcd-ef56-gh78-0000-1234abcd123abc"]}
"CyberArk\nDiscovery Module" -[#green]> "Vault" : Relay username/password to Auth directly to Vault
"Vault" -[#green]> "CyberArk\nDiscovery Module" : Authentication Token
' "CyberArk\nDiscovery Module" -[#green]> "Venafi\nDiscovery Module" : Authentication Token
' "Venafi\nDiscovery Module" -[#green]> "CyberArk\nDiscovery Module" : List of discovered DeviceGuids
"CyberArk\nDiscovery Module" -[#green]> "Vault" : Retrieve Venafi SDK Account using Credential Provider
"Vault" -[#green]> "CyberArk\nDiscovery Module" : Securely delivers SDK account info to code
"CyberArk\nDiscovery Module" -[#green]> "Venafi\nTPP" : Authentication Request to SDK
"Venafi\nTPP" -[#green]> "CyberArk\nDiscovery Module" : Response "API KEY"
== Processing ==
"CyberArk\nDiscovery Module" -[#green]> "Venafi\nTPP" : Call to KeyswithPrivateKeys endpoint w/ DeviceGuids
"Venafi\nTPP" -[#green]> "CyberArk\nDiscovery Module" : Array of KeySets
== Identify Key to Import ==
loop Iterate through Array
"CyberArk\nDiscovery Module" --[#green]> "CyberArk\nDiscovery Module" : Identify Privileged Keys based on DiscoveryConfig.yml parameter
note left: DiscoveryConfig stores usernames to identify Privilege\na second option is available to identify "root" and variations of known Privileged usernames\n(.*admin.*)|(.*root.*)|(.*superuser.*)|(.*supervisor.*)|(toor)|(baron)|(avatar)|(adm)|(wheel)
end
== Start Import Process ==
"CyberArk\nDiscovery Module" -[#green]> "Venafi\nTPP" : AddSelfServicePrivateKey w/ KeySetID
note right: FolderID is stored in DiscoveryConfig and requires Customer input\nCurrent enhancement plan:\na) Allow customers to modify fields for SelfServicePrivateKey\nb) Create FolderID with Config/Create API
"Venafi\nTPP" -[#green]> "CyberArk\nDiscovery Module" : Responds w/ KeyID
"CyberArk\nDiscovery Module" -[#green]> "Venafi\nTPP" : ExportSelfServicePrivateKey w/ KeyID
note right: Enhancement: Key Format
"Venafi\nTPP" -[#green]> "CyberArk\nDiscovery Module" : Private Key Content
"CyberArk\nDiscovery Module" -[#green]> "Vault" : Provision key into a Safe input by customer in DiscoveryConfig
note left: Current Enhancement Plan:\nAdd extended properties for custom Platforms
"Vault" -[#green]> "CyberArk\nDiscovery Module" : KeySetID : boolean
"CyberArk\nDiscovery Module" -[#green]> "Venafi\nTPP" : [deleteFromSource] Optional /SSH/RemoveKey
"Venafi\nTPP" -[#green]> "CyberArk\nDiscovery Module" : Success : boolean
@enduml
```
</div>
![](CyberArkDiscovery.svg)
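The "Identify Key to Import" loop in the diagram is the one step with enough detail to work through: each KeySet returned by TPP is checked against the usernames listed in DiscoveryConfig.yml (option a) and, as a second option, against the regex given in the note (option b). The following is an added example, not code from the gist or from the CyberArk/Venafi module it documents. The `DiscoveryConfig` field names, the shape of the KeySet records (`KeySetId`, `Usernames`), the sample data, and the choices to compare case-insensitively and to apply the regex with `fullmatch` are all assumptions made for this example.

```python
import re
from dataclasses import dataclass

# Regex copied from the diagram note: "root" and variations of known
# privileged usernames. Case-insensitive matching is an assumption.
PRIVILEGED_PATTERN = re.compile(
    r"(.*admin.*)|(.*root.*)|(.*superuser.*)|(.*supervisor.*)"
    r"|(toor)|(baron)|(avatar)|(adm)|(wheel)",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class DiscoveryConfig:
    # Hypothetical field names standing in for the DiscoveryConfig.yml keys.
    privileged_usernames: frozenset = frozenset()  # option a: explicit usernames
    use_pattern_match: bool = True                  # option b: regex fallback


def is_privileged(username: str, config: DiscoveryConfig) -> bool:
    """True if the username is configured as privileged or matches the pattern.

    fullmatch (not search) is used so the bare alternatives such as (adm) and
    (wheel) only match that exact name; with search, (adm) would also flag a
    user called "roadmap". The alternatives that need substring behaviour
    already carry their own .* on both sides in the pattern.
    """
    if username in config.privileged_usernames:
        return True
    if config.use_pattern_match and PRIVILEGED_PATTERN.fullmatch(username):
        return True
    return False


def select_keysets_to_import(keysets, config):
    """Walk the Array of KeySets and return (KeySetId, privileged users) pairs.

    keysets: list of dicts with "KeySetId" and "Usernames"; this is a
    constructed shape, not the real TPP KeysWithPrivateKeys response schema.
    """
    selected = []
    for keyset in keysets:
        hits = [u for u in keyset["Usernames"] if is_privileged(u, config)]
        if hits:
            selected.append((keyset["KeySetId"], hits))
    return selected


# Constructed sample data standing in for the Array of KeySets from TPP.
SAMPLE_KEYSETS = [
    {"KeySetId": "KS-1", "Usernames": ["root"]},
    {"KeySetId": "KS-2", "Usernames": ["alice", "roadmap"]},
    {"KeySetId": "KS-3", "Usernames": ["svc_deploy"]},
    {"KeySetId": "KS-4", "Usernames": ["Administrator", "bob"]},
    {"KeySetId": "KS-5", "Usernames": ["wheel", "admx"]},
]
SAMPLE_CONFIG = DiscoveryConfig(privileged_usernames=frozenset({"svc_deploy"}))

if __name__ == "__main__":
    for keyset_id, hits in select_keysets_to_import(SAMPLE_KEYSETS, SAMPLE_CONFIG):
        print(f"{keyset_id}: import (privileged users: {', '.join(hits)})")
```

With the sample data, KS-1, KS-3, KS-4 and KS-5 are selected: `root` and `wheel` via the pattern, `Administrator` via the `.*admin.*` alternative, and `svc_deploy` only because it is listed in the config. KS-2 is skipped, which is the point of using `fullmatch`: under `search` semantics the `(adm)` alternative would have flagged `roadmap` and caused an unrelated key to be imported into the Safe.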