Password Rotations

We are looking to rotate passwords with Kaseya's ITGlue, or with Rewst, but if we rotate either the user account that Nerdio is using to integrate into the MSP's tenant, or if we rotate the domain admin password that's hard-coded in Nerdio for joining machines to the domain, things break.

One solution would be to allow editing the domain password via API. As the password rotation happens, an API request is made to update the account with the new password in Nerdio. Rotating the service user account is a little more difficult as there needs to be user interaction via browser to authenticate Nerdio to Azure.

One niche solution would be to have an ITGlue integration (or whatever other popular password manager is out there). Nerdio would be synced with the service doing the rotation. As the scheduled time happens, Nerdio would know to reach out to ITGlue to retrieve the new password and configure itself. An integration between the two services would allow password entities in ITGlue designated for rotation to be seen by Nerdio. As a password rotates, Nerdio updates itself.

Another solution would be for Nerdio to rotate the passwords itself and then update the password manager of choice, or send a secure webhook with the new password to a custom solution that would then do the PUT / POST call to ITGlue.

Password rotation is a security-focused goal our team is working towards, but we can't rotate critical passwords due to how Nerdio has them hard-coded or requires authentication.


Comments (1 comment)

Dave Stephenson

Welcome to the community, Gabriel Herrera 🙂!

As you pointed out, we don't currently have this feature and it could be a great addition.

Until the feature is added, you could utilize the Nerdio API to attempt to automate those password rotations.
However, YMMV if it will work or not.

I would suggest giving it a try and posting in the Nerdio Manager API channel if you hit any roadblocks.
