Want to know the options to hide or mask the plain text passwords connecting CA PAM via CLI

Release : 4.0/4.1

Component : PRIVILEGED ACCESS MANAGEMENT

1) run a powershell command with a a2a from samples:

param([Parameter(Mandatory=$true)][string]$p1,
      [string]$p2="false")

if ($env:CSPM_CLIENT_HOME -eq $null) { Write-Host "Environment variable CSPM_CLIENT_HOME is not set"; exit }

$command = $env:CSPM_CLIENT_HOME + '\cspmclient\bin\cspmclient.exe' + ' ' + $p1 + ' ' + $p2
$output = Invoke-Expression $command
$tokens = $output.split(' ')
$rc = $tokens[0]
$userid = $tokens[1]
$password = $tokens[2]

Invoke-Expression $command

Result will be something like this:

C:\pam341remotecli>powershell c:\cspm\cloakware\cspmclient\examples\exampletestcustomezed.ps1
a2atests-61001
400 a2atests-61001 0BI-l]CyO8IvU!_0

2) You can add a command as capam_command.bat to run with a variable $password as in this example:

$Command = 'c:\pam341remotecli\capam_command.bat capam=<pamserver> adminUserID=<pamuser>' + ' ' + 'adminPassword=' + $password + ' ' + 'cmdName=getErrorCodes'

Invoke-Expression $command

This will run the capam_command with user only without provide the password