This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Adding many hosts to PAM

For those of you with many hosts in PAM, how did you add them all? Did you automate it through the REST API or did you add them all manually? We have a few to add and I'd rather not add them all manually. I can already add the host to the vault with the corresponding credential but don't know how to add the corresponding command control rule yet.

  • 0 in reply to   

    My ultimate solution was to write a Python script to automate mostly everything. It uses salt to create the SSH key, create the credential vault entry, add the SSH key to the vault, and then create the command control rule. Of course, command control rules are not in vogue any more and things should be simpler with the new Access Control policy engine.

  • 0   in reply to   

    Hi Liam,

    sorry for the late response and many thanks for your valuable input!

    I have had a quick look at the REST API. Looks promising. I think basic provisioning of resources / credentials and the assignment to resource pools should be doable and should provide some degree of automation.

    Will give it a try and let you know of the results…

    Best regards,

    Philipp

  • 0   in reply to 

    Hi achinayoung_wau,

    sorry for the late response and many thanks for your valuable input!

    That sound like a very sophisticated solution. I will start of with simple provisioning as described above using the REST API. I was thinking about utilizing IDM here, since a lot of the data we need will be already available there.

    Best regards,

    Philipp