Delinea Secret Server has a broad feature set. It gives you granular control over Secret Server, but there are still limits to what you can do and tweak through the GUI. One such limitation: if you try to delete a folder that contains a large number of subfolders, each of which also has subfolders, you cannot delete the root folder. You have to delete each subfolder one by one, and only then can the root folder be deleted. This prevents accidental deletion of a large folder structure, but what if that folder structure was itself created by accident and you want to delete it?
The only efficient solution to this problem is scripting against the web services API. Delinea Secret Server supports both SOAP and REST web services APIs, and these APIs can be integrated using .NET, Java, Python, Ruby, and PowerShell.
In our case, we used PowerShell to develop a script that first traverses each folder down to its last subfolder and checks whether it contains any secrets. If the folder contains a secret, the script moves it to a common folder, then deletes the folder and moves up a level. It repeats the same step recursively (using a recursive function) until the whole unwanted folder structure is deleted.
To traverse the folders, we created a function that accepts a folder ID as its input parameter. Within this function, we first used two global arrays to store the folder ID and folder path, and then used a REST API call to fetch folder details such as the child folders' IDs. If the folder has child folders, we iterate over those child folder IDs by calling the same 'Folder Traverse' function recursively, and by the end of this function we have each folder's ID.
Folder Traverse Function Snippet
Next, we use another function to move a secret from one folder to another. To do this, we just have to make a PUT-based REST API call that updates the folder ID of that particular secret.
REST API call for the folder ID update
The code for the folder ID update is implemented within a do-while loop so that it iterates over each secret within every folder and moves those secrets into the required new folder.
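The traversal, move and delete steps described above can be rehearsed as a dry run before anything in the vault is touched. The following is an added example, not the script from this article: the REST calls are replaced by hypothetical scriptblocks (`$GetChildren`, `$GetSecrets`) over a constructed in-memory tree, and the function name, folder IDs and secret IDs are all assumptions made for illustration.

```powershell
# Added example, not the article's script. Constructed sample data:
# folder ID -> child folder IDs and secret IDs, standing in for the vault.
$Tree = @{
    100 = @{ Children = @(110, 120); Secrets = @() }
    110 = @{ Children = @(111);      Secrets = @(5001) }
    111 = @{ Children = @();         Secrets = @(5002, 5003) }
    120 = @{ Children = @();         Secrets = @() }
}

# Hypothetical stand-ins for the folder-detail and secret-listing REST calls.
$GetChildren = { param($Id) $Tree[$Id].Children }
$GetSecrets  = { param($Id) $Tree[$Id].Secrets }

function Get-FolderCleanupPlan {
    param(
        [Parameter(Mandatory)] [int]$FolderId,
        [Parameter(Mandatory)] [int]$HoldingFolderId,
        [Parameter(Mandatory)] [scriptblock]$GetChildren,
        [Parameter(Mandatory)] [scriptblock]$GetSecrets,
        [System.Collections.Generic.HashSet[int]]$Visited
    )
    if ($null -eq $Visited) { $Visited = [System.Collections.Generic.HashSet[int]]::new() }

    # Secrets must never be parked in a folder that is itself scheduled for deletion.
    if ($FolderId -eq $HoldingFolderId) {
        throw "Holding folder $HoldingFolderId is inside the tree being deleted."
    }
    # Guard against inconsistent API data that would make the recursion loop.
    if (-not $Visited.Add($FolderId)) {
        throw "Folder $FolderId was reached twice; refusing to continue."
    }

    # Recurse first so every child is emptied and deleted before its parent.
    $common = @{ HoldingFolderId = $HoldingFolderId; GetChildren = $GetChildren
                 GetSecrets = $GetSecrets; Visited = $Visited }
    foreach ($child in @(& $GetChildren $FolderId)) {
        Get-FolderCleanupPlan -FolderId $child @common
    }
    foreach ($secret in @(& $GetSecrets $FolderId)) {
        [pscustomobject]@{ Action = 'MoveSecret'; Id = $secret; Target = $HoldingFolderId }
    }
    [pscustomobject]@{ Action = 'DeleteFolder'; Id = $FolderId; Target = $null }
}

# Dry run: capture the whole plan and review it. A throw above leaves $plan
# unassigned, so a bad tree never produces a partial plan to replay.
$plan = Get-FolderCleanupPlan -FolderId 100 -HoldingFolderId 900 -GetChildren $GetChildren -GetSecrets $GetSecrets
$plan | Format-Table -AutoSize
```

Once the plan has been reviewed, each row can be replayed against the real PUT call for the secret's folder ID and the folder delete call, in the order listed.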
There are several benefits to creating a script for these mundane, repetitive tasks. The first is that it is more efficient and less time-consuming: in the above use case, we were able to execute the script and complete the task in less than 10 minutes. It also decreases the chance of human error, and you can reuse specific code snippets in other scripts.
Delinea Secret Server is a powerful PAM solution with many features and capabilities. But understanding these functionalities and how they align with your organization's PAM needs requires professional industry experience. We at SecurDI enable organizations to meet their PAM goals with the help of our seasoned professionals, whose varied experience makes it easier for organizations to understand their requirements precisely and implement a solution accordingly.