Requirements and technology – Security
Password servers are infrastructure components for centrally managing user, application and system passwords, automatically renewing them and making them available to front-end and back-end applications. The password servers manage various safes in which the necessary account information is stored. The access of the respective application can be restricted to a certain safe.
ScriptRunner supports central password safes and password servers to provide more security for your credentials. ScriptRunner can be connected to the following password servers via connectors:
Use Case
If a script starts, a Windows background process for the PowerShell starts on the ScriptRunner host. The background process receives a temporary token. The process uses this token to access the password safe. The associated credential is retrieved via a reference ID.
With this procedure no more account information is available on the ScriptRunner Host. Only the reference ID to the credential remains in the password safe.
In addition to the token mechanism, a reverse proxy mechanism can also be used, which uses a reverse request to ensure that only a previously defined and characterized process may submit a password request and only this process is forwarded to the password server and answered by the password safe proxy.
The connection between ScriptRunner and the password server system is established via a connector. The connection is configured via the PowerShell cmdlet.