altima_list.sh
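# Common config
# mac: pbcopy, ubuntu: xclip, windows: clip.exe
# Plain assignments: bash rejects `local` outside a function when sourced.
ALTIMA_CORE_CLIPBOARD_CMD=pbcopy
# altima_help_configure fills in the three placeholders below with sed over
# lines 1-10 of this file, so keep these assignments inside that range.
ALTIMA_LITE_NETID=REPLACE_WITH_NETID
ALTIMA_LITE_OP=REPLACE_WITH_OP_ACCOUNT
ALTIMA_LITE_CA_ID=REPLACE_WITH_OP_ID
# Standard config
export ALTIMA_CYBERARK_ROOT_URL=https://pvwa.dartmouth.edu/PasswordVault/WebServices
# Account used to log on to the CyberArk API, and the pass entry holding its
# password.
export ALTIMA_CYBERARK_API_CREDENTIAL_USERNAME="$ALTIMA_LITE_NETID"
export ALTIMA_CYBERARK_API_CREDENTIAL_PATH="prod/$ALTIMA_LITE_NETID"
# Parallel arrays: ucred fetches the credential for ..._ACCOUNT_IDS[i] and
# stores it in the pass entry named by ..._ACCOUNT_PATHS[i].
export ALTIMA_CYBERARK_ACCOUNT_PATHS=( "prod/$ALTIMA_LITE_OP" )
export ALTIMA_CYBERARK_ACCOUNT_IDS=( "$ALTIMA_LITE_CA_ID" )
export ALTIMA_CREDENTIALMANAGER_PRIMARY_CREDENTIAL_ALIAS=op
export ALTIMA_CREDENTIALMANAGER_PRIMARY_CREDENTIAL_USERNAME="$ALTIMA_LITE_OP"
export ALTIMA_CREDENTIALMANAGER_PRIMARY_CREDENTIAL_PATH="prod/$ALTIMA_LITE_OP"
# Running the alias copies the primary credential to the clipboard. The secret
# stays there until something else overwrites it, so any clipboard-reading
# application can see it in the meantime.
alias "$ALTIMA_CREDENTIALMANAGER_PRIMARY_CREDENTIAL_ALIAS"='get_cred | "${ALTIMA_CORE_CLIPBOARD_CMD}"'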
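function get_cred
{
  # Print the secret stored in pass, without a trailing newline.
  # Globals:   ALTIMA_CREDENTIALMANAGER_PRIMARY_CREDENTIAL_PATH (read)
  # Arguments: $1 - pass entry path (optional; defaults to the primary path)
  # Outputs:   the secret on stdout
  # Returns:   0 on success, otherwise the exit status of pass
  local CRED_PATH=${1:-"$ALTIMA_CREDENTIALMANAGER_PRIMARY_CREDENTIAL_PATH"}
  local SECRET
  # Quote the path so an entry name containing spaces or glob characters
  # reaches pass as a single argument.
  SECRET=$(pass "$CRED_PATH") || return
  # printf, not echo: echo would swallow a secret such as "-n" as an option,
  # and some echo implementations rewrite backslash sequences.
  printf '%s' "$SECRET"
}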
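function set_cred
{
  # Store a secret in pass, overwriting any existing entry at that path.
  # Arguments: $1 - pass entry path
  #            $2 - secret to store
  # Outputs:   whatever pass prints
  # Returns:   2 if either argument is empty, otherwise the status of pass
  local CRED_PATH="${1:-}"
  local PASSWORD="${2:-}"
  # --force overwrites silently, so refuse input that would replace a good
  # entry with nothing.
  if [ -z "$CRED_PATH" ] || [ -z "$PASSWORD" ]; then
    printf 'set_cred: path and password are both required\n' >&2
    return 2
  fi
  # printf, not echo: the secret must reach pass byte-for-byte, and echo may
  # treat a leading "-n"/"-e" as an option or rewrite backslash sequences.
  # The secret travels over the pipe, not on pass's command line.
  printf '%s' "$PASSWORD" | pass insert --force --echo "$CRED_PATH"
}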
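# Functions for using Apple Keychain instead of pass
# Note: this set_cred variant hands the password to security as a command-line
# argument (-w "$PASSWORD"), so it is visible in the process list while it runs.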
# function get_cred
# {
# local CRED_PATH=${1:-"$ALTIMA_CREDENTIALMANAGER_PRIMARY_CREDENTIAL_PATH"}
# /usr/bin/security find-generic-password -a "$CRED_PATH" -s "$CRED_PATH" -w | tr -d '\n'
# }
# function set_cred
# {
# local CRED_PATH="$1"
# local PASSWORD="$2"
# /usr/bin/security add-generic-password -a "$CRED_PATH" -s "$CRED_PATH" -U -w "$PASSWORD"
# }
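# Escape backslashes and double quotes so a value can sit inside a JSON string.
# Control characters are not handled.
_altima_json_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

function get_cyberark_api_token
{
  # Log on to the CyberArk web service and print the logon result.
  # Globals:   ALTIMA_CYBERARK_ROOT_URL (read)
  # Arguments: $1 - username (prompted for when empty)
  #            $2 - password (prompted for, without echo, when empty)
  # Outputs:   the fourth double-quote-delimited field of the response on
  #            stdout, presumably the session token (confirm against the API);
  #            prompts go to stderr so callers capturing stdout get only that
  # Returns:   the status of the final awk stage
  local USER_NAME="${1:-}"
  local PASSWORD="${2:-}"
  local JSON_USER JSON_PASS

  # Locals declared up front so a prompted password does not linger as a
  # global variable in the interactive shell that sourced this file.
  if [ -z "$USER_NAME" ]; then
    printf 'Username: ' >&2
    read -r USER_NAME
  fi
  if [ -z "$PASSWORD" ]; then
    printf 'Password: ' >&2
    stty -echo; read -r PASSWORD; stty echo
    printf '\n' >&2
  fi

  # Escape both values: a quote or backslash in the password would otherwise
  # break, or change the meaning of, the JSON document.
  JSON_USER=$(_altima_json_escape "$USER_NAME")
  JSON_PASS=$(_altima_json_escape "$PASSWORD")

  # The body is fed to curl on stdin (--data @-) so the password never appears
  # in curl's argument list, which other local users can read via ps.
  printf '{"username": "%s", "password": "%s", "useRadiusAuthentication": "true", "connectionNumber": "1"}' \
    "$JSON_USER" "$JSON_PASS" |
    curl --request POST \
      --url "$ALTIMA_CYBERARK_ROOT_URL/auth/Cyberark/CyberArkAuthenticationService.svc/Logon" \
      --header 'content-type: application/json' \
      --silent \
      --data @- |
    awk -F\" '{print $4}'
}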
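function get_cyberark_password
{
  # Fetch the credential of one CyberArk account.
  # Globals:   ALTIMA_CYBERARK_ROOT_URL (read)
  # Arguments: $1 - value for the Authorization header (session token)
  #            $2 - CyberArk account id
  # Outputs:   the raw response body on stdout
  # Returns:   the exit status of curl
  local TOKEN="$1"
  local ACCOUNT_ID="$2"
  # The Authorization header is read from stdin (--header @-, curl 7.55.0 or
  # newer) so the session token does not show up in curl's argument list.
  printf 'Authorization: %s\n' "$TOKEN" |
    curl --request GET \
      --url "$ALTIMA_CYBERARK_ROOT_URL/PIMServices.svc/Accounts/$ACCOUNT_ID/Credentials" \
      --header @- \
      --header 'Content-Type: application/json' \
      --silent
}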
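function ucred
{
  # Refresh the locally stored credentials from CyberArk.
  # Logs on with the API credential, then for every configured account fetches
  # the current credential and stores it in pass.
  # Globals:   ALTIMA_CYBERARK_API_CREDENTIAL_PATH / _USERNAME (read)
  #            ALTIMA_CYBERARK_ACCOUNT_PATHS / _IDS (read, parallel arrays)
  #            ALTIMA_CORE_CLIPBOARD_CMD (read)
  # Outputs:   one status line per account on stdout
  # Returns:   1 if the logon produced no token, otherwise 0
  local PASSWORD=""
  local TOKEN=""
  local HIDE_PASSWORD=""
  local ACCOUNT_PATH=""
  local i

  if [ -z "${ALTIMA_CYBERARK_API_CREDENTIAL_PATH:-}" ] || [ "$ALTIMA_CYBERARK_API_CREDENTIAL_PATH" = "null" ]; then
    printf 'Password for %s: ' "$ALTIMA_CYBERARK_API_CREDENTIAL_USERNAME"
    stty -echo; read -r PASSWORD; stty echo; echo
  else
    PASSWORD=$(get_cred "$ALTIMA_CYBERARK_API_CREDENTIAL_PATH")
  fi

  # Quoted so a password containing spaces or glob characters is passed as one
  # argument instead of being split.
  TOKEN=$(get_cyberark_api_token "$ALTIMA_CYBERARK_API_CREDENTIAL_USERNAME" "$PASSWORD")
  if [ -z "$TOKEN" ]; then
    printf 'ucred: CyberArk logon returned no token\n' >&2
    return 1
  fi

  # Indices 0..length inclusive, skipping empty slots, so the loop covers the
  # array whether the shell numbers elements from 0 (bash) or from 1 (zsh).
  for (( i = 0; i <= ${#ALTIMA_CYBERARK_ACCOUNT_PATHS[@]}; i++ )); do
    ACCOUNT_PATH="${ALTIMA_CYBERARK_ACCOUNT_PATHS[i]}"
    [[ -n "$ACCOUNT_PATH" ]] || continue

    PASSWORD=$(get_cyberark_password "$TOKEN" "${ALTIMA_CYBERARK_ACCOUNT_IDS[i]}")
    # An empty body or one mentioning "Error" is treated as a failed fetch.
    # The stored credential is left untouched in that case; writing the
    # response into pass would replace a working password with an error text.
    if [[ -z "$PASSWORD" || "$PASSWORD" = *"Error"* ]]; then
      printf "%24s: ERROR!\n" "$ACCOUNT_PATH"
      continue
    fi

    # NOTE(review): this copies the value stored in pass *before* set_cred
    # below updates it, i.e. the previous credential. Confirm that is intended.
    pass "$ACCOUNT_PATH" | "${ALTIMA_CORE_CLIPBOARD_CMD}" > /dev/null
    # NOTE(review): the first two characters of the new secret are printed to
    # the terminal and end up in scrollback and any session recording.
    HIDE_PASSWORD=${PASSWORD:0:2}********
    printf "%24s: %-24s\n" "$ACCOUNT_PATH" "$HIDE_PASSWORD"
    set_cred "$ACCOUNT_PATH" "$PASSWORD" > /dev/null
  done
}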
function altima_help_pass_install
{
  # Print the copy-and-paste instructions for installing and initialising
  # pass. Nothing is executed; the text is written to stdout framed by one
  # blank line above and below.
  #
  # NOTE(review): the printed recipe generates the GPG key with
  # %no-protection, i.e. without a passphrase, so anything that can read the
  # keyring can decrypt the whole password store. It also shows a secret being
  # piped from echo, which leaves that secret in shell history.
  cat <<'ALTIMA_PASS_HELP'

## Mac install
brew install pass
brew unlink pass
brew install --HEAD pass
## Ubuntu install
#https://aka.ms/wslinstall
sudo apt update
sudo apt install -y pass
## Configure pass
cat >loader <<EOF
%echo Generating a GPG key
Key-Type: RSA
Key-Length: 4096
Subkey-Type: RSA
Subkey-Length: 4096
Name-Real: Password Storage Key
Expire-Date: 0
%no-protection
%commit
%echo done
EOF
gpg --batch --gen-key loader
rm -f loader
pass init "Password Storage Key"
pass insert prod/d92495j
echo -n XXX | pass insert --force --echo "prod/rciX"
pass prod/rciX

ALTIMA_PASS_HELP
}
function altima_help_lite_install
{
  # Print the two alternative commands that add this script to a zsh or bash
  # start-up file. The delimiter is quoted so $HOME is printed literally, not
  # expanded here.
  cat <<'ALTIMA_LITE_HELP'

echo 'source $HOME/altima_lite.sh' >> $HOME/.zshrc
or
echo 'source $HOME/altima_lite.sh' >> $HOME/.bashrc
ALTIMA_LITE_HELP
}
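# Escape the characters that are special in a sed replacement (\, / and &) so
# a typed value is inserted literally.
_altima_sed_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's|/|\\/|g' -e 's/&/\\\&/g'
}

function altima_help_configure
{
  # Prompt for the NetID, OP account and OP id and write them over the
  # placeholders in the first ten lines of $HOME/altima_lite.sh.
  # Globals:   HOME (read)
  # Outputs:   the three prompts on stdout
  # Returns:   1 if the target file is missing, otherwise the status of sed
  local NETID=""
  local OP_ACCOUNT=""
  local OP_ID=""
  local TARGET="$HOME/altima_lite.sh"
  local NETID_RE OP_ACCOUNT_RE OP_ID_RE

  if [ ! -f "$TARGET" ]; then
    printf 'altima_help_configure: %s not found\n' "$TARGET" >&2
    return 1
  fi

  printf 'NetID? '
  read -r NETID
  printf 'OP Account? '
  read -r OP_ACCOUNT
  printf 'OP ID? '
  read -r OP_ID

  # The answers are spliced into sed programs; unescaped, a "/" or "&" would
  # corrupt the substitution or append further sed commands to it.
  NETID_RE=$(_altima_sed_escape "$NETID")
  OP_ACCOUNT_RE=$(_altima_sed_escape "$OP_ACCOUNT")
  OP_ID_RE=$(_altima_sed_escape "$OP_ID")

  # -i.bak (suffix attached) is accepted by both GNU and BSD sed, whereas
  # "-i ''" only works with BSD sed. The backup is removed afterwards.
  sed -i.bak \
    -e "1,10s/REPLACE_WITH_NETID/$NETID_RE/" \
    -e "1,10s/REPLACE_WITH_OP_ACCOUNT/$OP_ACCOUNT_RE/" \
    -e "1,10s/REPLACE_WITH_OP_ID/$OP_ID_RE/" \
    "$TARGET" || return
  rm -f -- "$TARGET.bak"
}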