Password Safe Platform Plugin Software Development Kit
Password Safe supports an extensive but finite list of platforms. However, with BeyondTrust’s software development kit (SDK), a developer can build a new platform plugin to add support for new systems and applications on an as-needed basis.
The Password Safe plugin SDK package can be found in the Password Safe Resource Kit. To obtain the Resource Kit, download it from the Customer Portal at https://beyondtrustcorp.service-now.com/csm. If you do not have access to the Customer Portal, contact your account manager or submit a request to Sales at https://www.beyondtrust.com/contact.
The Password Safe plugin SDK requires the following prerequisites:
- BeyondInsight/Password Safe 21.3+
- Microsoft Visual Studio 2019+
- .NET Core 3.1
The plugin SDK contains detailed developer documentation, code samples, utilities, and a code generator template which quickly and easily creates all the scaffolding required for your plugin, with stub implementations of each of the features offered by the SDK. These features include:
- Managed account credential rotation
- Managed account credential rotation via a functional account
- Test managed account credential
- Test functional account credential
- Functional account credential rotation
Getting Started with the Plugin SDK
Follow these steps to use the Password Safe Cloud Plugin SDK to build a new platform plugin.
Extract the PlatformPlugin.Generator.zip archive into the desired location.
The C# Project file (CSPROJ) should be renamed to more suitably represent the plugin, such as: PasswordSafe.PlatformPlugin.<platform_name>.csproj.
Open the C# project using Microsoft Visual Studio 2019.
.NET Core 3.1 framework is a prerequisite and must be installed.
Edit the PluginCodeGenerator.tt file to include your company name as well as the plugin name, version, and description.
Make sure the RegenerateCode variable is set to true. This triggers the automatic generation of the plugin code scaffolding.
Save the PluginCodeGenerator.tt file. The template generator automatically creates all files for the plugin.
To prevent the code regeneration on every build, set the value of the RenegerateCode variable to false in the PluginCodeGenerator.tt file.
Implement the desired methods in the plugin. Each method is automatically created with a stub implementation, which returns the NotImplementedException for each action. Remove the exception and replace with the proper corresponding code and business logic.
Each plugin action has access to several available parameters and is provided in each action as a code comment.
Build the project and ensure there are no errors. (The build.cmd file provides an easy-to-use command line interface.)
Refer to the Plugin SDK for a test harness utility, which allows the ability to test and debug your plugin prior to adding it to Password Safe.
Once the plugin is ready to be used, it needs to be packaged into a Password Safe Plugin (PSPLUGIN). Extract the Password Safe Plugin Packager.zip from the Platform SDK and run the Password SafePasswordSafe.Plugins.Packager.exe application.
Select the Plugin Folder (the build output location from Step 8), and specify the desired Output location.
To validate the plugin was created correctly, click the Load Metadata button. The plugin metadata values which were entered in the PluginCodeGenerator.tt file in Step 3 are displayed.
- Click the Generate Package button to generate the plugin.psplugin file.
- Add the new plugin into Password Safe via the Configuration > Privileged Access Management > Platform Plugins menu.
Access to this configuration entry requires a BeyondInsight Administrator's permission.
Click Create New Platform Plugin. Either drag and drop the file, or click the Upload tile to browse to and select a file to upload.
The maximum supported file size for a plugin package is 5 MB.
Click Upload Plugin. The plugin package is added to Password Safe with the ability to create managed systems, managed accounts, and functional accounts for this new platform.