Skip to content

Credential Management

Some Drutiny plugins require credentials not provided by a target. Examples of these types of plugins are Sumologic and Cloudflare who have API endpoints to talk which require API credentials. For these types of plugins, Drutiny has a central credential management tool for storing and using credentials.

Usage

Drutiny has a command called plugin:setup which can be used to setup credentials for a service.

./vendor/bin/drutiny plugin:setup sumologic

access_id (string)
Your access ID to connect to the Sumologic API with: : **********
access_key (string)
Your access key to connect to the Sumologic API with: : *******************

 [OK] Credentials for sumologic have been saved.

Using the Credential Manager API

Using the credential manager requires specifying the schema for your credentials then using the manager to load your credentials when you need them. Presumably inside an audit.

Adding credentials to drutiny.config.yml

drutiny.config.yml is a file a plugin library can specify to declare config. The CredentialSchema key is used to declare namespaces and arbitrary credentials for the namespace/

CredentialSchema:
  sumologic:
    access_id:
      type: string
      description: Your access ID to connect to the Sumologic API with:
    access_key:
      type: string
      description: Your access key to connect to the Sumologic API with:

The above example provides a namespace for sumologic and details access_id and access_key as credentials to provide. These are the credentials that plugin:setup will ask for.

Auditing Prerequisites

Usually, credentials are required in order for an audit to function correctly. Rather than failing an audit because the credentials aren't present to complete the assessment, instead, you can specify an Audit Prerequisite inside your Audit class:


use Drutiny\Credential\Manager;

// ...

  protected function requireApiCredentials()
  {
    return Manager::load('sumologic') ? TRUE : FALSE;
  }

Using the Credentials

If you've created the CredentialSchema in drutiny.config.yml and setup an Audit Prerequisite, then you are now ready to use the credentials inside an audit:


use Drutiny\Credential\Manager;

$creds = Manager::load('sumologic');
$client = new Client($creds['access_id'], $creds['access_key']);