You have a PowerShell script that is being used on 1000 workstations. It requires a Windows Domain credential that is currently hard-coded in the script.
What is the simplest solution to remove that credential from the script?
A. Modify the script to use the CLI SDK to fetch the secret at runtime using Credential Providers installed on each workstation.
B. Modify the script to make a SOAP call to retrieve the secret from the Central Credential Provider.
C. Modify the script to run on WebSphere using the Application Server Credential Provider to retrieve the secret.
D. Use Conjur Summon to invoke the script and inject the secret at run time.
Conjur Summon is an open source utility that can fetch secrets from Conjur and export them as environment variables to a sub-process environment. This way, the secrets are not exposed or stored in the script, but are only available at run time. To use Conjur Summon, you need to install the summon-conjur provider on each workstation, define the secrets in a secrets.yml file, and wrap the PowerShell script in summon. For example, if the secret ID is win/domain/cred, the secrets.yml file would look like this:
This will inject the secret value of win/domain/cred as an environment variable named DOMAIN_CRED to the PowerShell script. The script can then access the secret using the $env:DOMAIN_CRED syntax.
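The Summon setup described above, as an added example that is not part of the original page: the header comment shows a constructed secrets.yml and the summon invocation, and the script body consumes DOMAIN_CRED. The script name Invoke-DomainTask.ps1 and the account CORP\svc-deploy are hypothetical, and the example assumes the secret holds only the password and that summon-conjur is the only provider installed.

```powershell
# Added example, not from the original page.
#
# Constructed secrets.yml, kept next to this script (it holds only the
# variable ID, never the secret value):
#
#   DOMAIN_CRED: !var win/domain/cred
#
# Invocation: summon resolves the secret through the installed provider and
# starts PowerShell with DOMAIN_CRED set only in that child process:
#
#   summon -f secrets.yml powershell.exe -NoProfile -File .\Invoke-DomainTask.ps1
#
# Invoke-DomainTask.ps1 and CORP\svc-deploy are hypothetical names.

[CmdletBinding()]
param(
    # Assumption: the secret is the password only; the account name is not secret.
    [string]$UserName = 'CORP\svc-deploy'
)

Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

# Fail closed when the script is started without summon, instead of
# continuing with an empty password.
if ([string]::IsNullOrEmpty($env:DOMAIN_CRED)) {
    throw 'DOMAIN_CRED is not set. Run this script through summon.'
}

# Convert to a SecureString immediately and build the PSCredential that
# replaces the hard-coded one.
$securePassword = ConvertTo-SecureString -String $env:DOMAIN_CRED -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential ($UserName, $securePassword)

# Drop the plaintext from this process's environment so that processes the
# script launches later do not inherit it.
Remove-Item Env:\DOMAIN_CRED

# Pass $credential to whichever cmdlet previously used the hard-coded value
# (any cmdlet that accepts -Credential). Placeholder action:
Write-Output ("Credential loaded for {0}" -f $credential.UserName)
```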