Script to Set/Get secret variables in CyberArk Conjur & DAP - By: @jodyhuntatx
#!/bin/bash
# Authenticates as a user and gets or sets value of a specified variable.
# If you set the environment variables AUTHN_USERNAME and AUTHN_PASSWORD
# to appropriate values, you can avoid having to enter the admin username
# and password every time this script runs.
# Note that 'set' does not correctly handle values containing whitespace.
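# Conjur/DAP endpoint settings: fill in both before first use.
# Use an https:// URL: the admin password, the API key and the secret values
# are all sent to this endpoint.
CONJUR_APPLIANCE_URL=""
CONJUR_ACCOUNT=""

# Refuse to run with a partial configuration. Every request URL in this script
# is built from both values, so an empty account would produce a malformed
# path rather than a clear error.
if [[ -z "$CONJUR_APPLIANCE_URL" || -z "$CONJUR_ACCOUNT" ]]; then
  echo "You must set CONJUR_APPLIANCE_URL and CONJUR_ACCOUNT in script." >&2
  exit 255 # same status bash reports for the original `exit -1`
fi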
################ MAIN ################
# $1 - command (get or set)
# $2 - name of variable
# $3 - value to set
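main() {
  # Parses the command line, authenticates via authn_user, then reads (get)
  # or writes (set) one Conjur variable through the REST API.
  #
  # Arguments: $1 - "get" or "set"; $2 - variable name; $3 - value (set only)
  # Globals:   CONJUR_APPLIANCE_URL, CONJUR_ACCOUNT (read);
  #            AUTHN_TOKEN (read, written by authn_user);
  #            CONJUR_CERT_FILE (read, optional CA bundle for TLS verification)
  # Outputs:   the server's response body on stdout; diagnostics on stderr so
  #            a caller capturing stdout never mistakes an error for a secret
  # Returns:   curl's exit status; exits 255 on usage or authentication errors
  local command="" variable_name="" variable_value=""

  case $# in
    2)
      command=get
      variable_name=$2
      ;;
    3)
      command=set
      variable_name=$2
      variable_value=$3
      ;;
  esac

  # The verb must agree with the argument count. Without this check
  # "get <name> <value>" would silently overwrite the secret.
  if [[ -z "$command" || "$1" != "$command" ]]; then
    printf "\nUsage: %s [ get | set ] <variable-name> [ <variable-value> ]\n" "$0" >&2
    exit 255
  fi

  authn_user # authenticate user
  if [[ -z "${AUTHN_TOKEN:-}" ]]; then
    echo "Authentication failed..." >&2
    exit 255
  fi

  variable_name=$(urlify "$variable_name")
  local url="$CONJUR_APPLIANCE_URL/secrets/$CONJUR_ACCOUNT/variable/$variable_name"

  # --fail turns an HTTP error into a non-zero exit with no body on stdout,
  # so an error document is never consumed as if it were the secret value.
  local -a curl_opts=(-sS --fail)
  if [[ -n "${CONJUR_CERT_FILE:-}" ]]; then
    curl_opts+=(--cacert "$CONJUR_CERT_FILE")
  else
    # NOTE(security): -k skips certificate verification, so the access token
    # and the secret are exposed to anyone able to intercept the connection.
    # Set CONJUR_CERT_FILE to the appliance's CA certificate to verify it.
    curl_opts+=(-k)
  fi

  # The token is handed to curl as a config line on stdin instead of a -H
  # argument, which keeps it out of the process list.
  local auth_cfg
  printf -v auth_cfg 'header = "Authorization: Token token=\\"%s\\""\n' "$AUTHN_TOKEN"

  if [[ "$command" == "set" ]]; then
    # The value is streamed through a file descriptor: whitespace survives
    # intact and a leading '@' is not treated by curl as a file to upload.
    # It is still visible in this script's own argument list ($3).
    printf '%s' "$auth_cfg" | curl "${curl_opts[@]}" -K - \
      -H "Content-Type: application/json" \
      --data-binary @<(printf '%s' "$variable_value") \
      "$url"
  else
    printf '%s' "$auth_cfg" | curl "${curl_opts[@]}" -K - \
      -H "Content-Type: application/json" \
      "$url"
  fi
}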
##################
# AUTHN USER - sets AUTHN_TOKEN globally
# - no arguments
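authn_user() {
  # Logs in with AUTHN_USERNAME/AUTHN_PASSWORD (prompting when the user name
  # is not set), exchanges the returned API key for an access token and
  # stores the base64-encoded token in the global AUTHN_TOKEN.
  #
  # Globals: CONJUR_APPLIANCE_URL, CONJUR_ACCOUNT (read);
  #          AUTHN_USERNAME, AUTHN_PASSWORD (read, set when prompting);
  #          CONJUR_CERT_FILE (read, optional CA bundle for TLS verification);
  #          AUTHN_TOKEN (written; left empty on any failure)
  # Returns: 0 on success, 1 if either request fails
  AUTHN_TOKEN=""

  if [[ -z "${AUTHN_USERNAME:-}" ]]; then
    local admin_uname admin_pwd
    >&2 echo
    >&2 echo -n "Enter admin user name:"
    IFS= read -r admin_uname
    >&2 echo -n "Enter the admin password (it will not be echoed):"
    # -r and an empty IFS keep backslashes and surrounding blanks in the password.
    IFS= read -rs admin_pwd
    >&2 echo
    # Not exported: child processes have no need for the credentials in
    # their environment.
    AUTHN_USERNAME=$admin_uname
    AUTHN_PASSWORD=$admin_pwd
  fi

  # --fail makes an HTTP error (e.g. 401) a non-zero exit with empty output,
  # so an error page is never encoded and used as if it were a token.
  local -a curl_opts=(-sS --fail)
  if [[ -n "${CONJUR_CERT_FILE:-}" ]]; then
    curl_opts+=(--cacert "$CONJUR_CERT_FILE")
  else
    # NOTE(security): -k skips certificate verification, so the password and
    # API key are exposed to anyone able to intercept the connection.
    # Set CONJUR_CERT_FILE to the appliance's CA certificate to verify it.
    curl_opts+=(-k)
  fi

  local basic api_key response encoded_user

  # Login: the Basic credentials go to curl as a config line on stdin rather
  # than via --user, which would expose the password in the process list.
  basic=$(printf '%s:%s' "$AUTHN_USERNAME" "${AUTHN_PASSWORD:-}" | base64 | tr -d '\r\n')
  api_key=$(printf 'header = "Authorization: Basic %s"\n' "$basic" \
    | curl "${curl_opts[@]}" -K - \
      "$CONJUR_APPLIANCE_URL/authn/$CONJUR_ACCOUNT/login") || return 1
  [[ -n "$api_key" ]] || return 1

  # Authenticate: the API key is the request body, read from stdin for the
  # same reason. The login name is a URL path segment, so it is encoded
  # (identities such as host/<id> contain a slash).
  encoded_user=$(urlify "$AUTHN_USERNAME")
  response=$(printf '%s' "$api_key" \
    | curl "${curl_opts[@]}" --data-binary @- \
      "$CONJUR_APPLIANCE_URL/authn/$CONJUR_ACCOUNT/$encoded_user/authenticate") || return 1
  [[ -n "$response" ]] || return 1

  # Quoted so the token is encoded byte-for-byte, with no word splitting or
  # glob expansion applied to it.
  AUTHN_TOKEN=$(printf '%s' "$response" | base64 | tr -d '\r\n')
}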
################
# URLIFY - url encodes input string
# in: $1 - string to encode
# out: encoded string on stdout
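urlify() {
  # Percent-encodes the characters that would change the meaning of a URL
  # path segment and prints the result on stdout.
  #
  # Arguments: $1 - string to encode
  # Outputs:   encoded string, newline-terminated
  #
  # '%' is encoded first so the escapes produced by the later rules are not
  # encoded a second time. '?' and '#' are included because, left raw, they
  # cut the path short and the request would address a different variable.
  # The input is quoted throughout: runs of spaces are preserved and glob
  # characters are not expanded against the current directory.
  local str=$1
  printf '%s\n' "$str" | sed \
    -e 's=%=%25=g' \
    -e 's= =%20=g' \
    -e 's=/=%2F=g' \
    -e 's=:=%3A=g' \
    -e 's=+=%2B=g' \
    -e 's=&=%26=g' \
    -e 's=@=%40=g' \
    -e 's=?=%3F=g' \
    -e 's=#=%23=g'
}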
# Entry point: pass the script's arguments to main unchanged.
main "$@"