This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Adding many hosts to PAM

For those of you with many hosts in PAM, how did you add them all? Did you automate it through the REST API or did you add them all manually? We have a few to add and I'd rather not add them all manually. I can already add the host to the vault with the corresponding credential but don't know how to add the corresponding command control rule yet.

Parents
  • 0  

    Dear community,

    although an old post, it is still a very up-to-date requirement.

    Are there any OOTB features available now in PAM 4.3 to "batch import/add" resources into Credential Vault? Many enterprise environments will most likely need to manage hundreds or thousands of hosts/resources.

    Use case would be:

    - Register/Add multiple resources (for later use in agentless Web-RDP / Web-SSH access scenario)

    - Add these resources to resource pools

    (rest shoud be possible via Access Control user roles / assignements)

    Many thanks and best regards,

    Philipp

  • Suggested Answer

    0   in reply to   

    Hi Phillip

    Have you looked at the rest api for adding servers to the credential vault ?

    https://pamserver/rest_ap

    Regards

    Liam O'Dowd

Reply Children
  • 0 in reply to   

    My ultimate solution was to write a Python script to automate mostly everything. It uses salt to create the SSH key, create the credential vault entry, add the SSH key to the vault, and then create the command control rule. Of course, command control rules are not in vogue any more and things should be simpler with the new Access Control policy engine.

  • 0   in reply to   

    Hi Liam,

    sorry for the late response and many thanks for your valuable input!

    I have had a quick look at the REST API. Looks promising. I think basic provisioning of resources / credentials and the assignment to resource pools should be doable and should provide some degree of automation.

    Will give it a try and let you know of the results…

    Best regards,

    Philipp