Credentials¶
The following methods allow for interaction into the Tenable Vulnerability Management credentials API endpoints.
Methods available on tio.credentials
:
- class CredentialsAPI(api: APISession)[source]¶
- create(cred_name, cred_type, description=None, permissions=None, **settings)[source]¶
Creates a new managed credential.
- Parameters:
cred_name (str) – The name of the credential.
cred_type (str) – The type of credential to create. For a list of values refer to the output of the
types()
method.description (str, optional) – A description for the credential.
permissions (list, optional) –
A list of permissions (in either tuple or native dict format) detailing whom is allowed to use or edit this credential set. For the dictionary format, refer to the API docs. The tuple format uses the customary
(type, perm, uuid)
format.Examples
('user', 32, user_uuid)
('group', 32, group_uuid)
('user', 'use', user_uuid)
**settings (dict, optional) – Additional keywords passed will be added to the settings dict within the API call. As this dataset can be highly variable, it will not be validated and simply passed as-is.
- Returns:
The UUID of the newly created credential.
- Return type:
Examples
>>> group_id = '00000000-0000-0000-0000-000000000000' >>> tio.credentials.create('SSH Account', 'SSH', ... permissions=[('group', 'use', group_id)], ... username='user1', ... password='sekretsquirrel', ... escalation_account='root', ... escalation_password='sudopassword', ... elevate_privileges_with='sudo', ... bin_directory='/usr/bin', ... custom_password_prompt='')
- delete(id)[source]¶
Deletes the specified credential.
- Parameters:
id (str) – The UUID of the credential to retrieve.
- Returns:
The status of the action.
- Return type:
Examples
>>> cred_uuid = '00000000-0000-0000-0000-000000000000' >>> cred = tio.credentials.delete(cred_uuid)
- details(id)[source]¶
Retrieves the details of the specified credential.
- Parameters:
id (str) – The UUID of the credential to retrieve.
- Returns:
The resource record for the credential.
- Return type:
Examples
>>> cred_uuid = '00000000-0000-0000-0000-000000000000' >>> cred = tio.credentials.details(cred_uuid)
- edit(cred_uuid, cred_name=None, description=None, permissions=None, ad_hoc=None, **settings)[source]¶
Creates a new managed credential.
- Parameters:
ad_hoc (bool, optional) – Determines whether the credential is managed (
False
) or an embedded credential in a scan or policy (True
).cred_name (str, optional) – The name of the credential.
description (str, optional) – A description for the credential.
permissions (list, optional) –
A list of permissions (in either tuple or native dict format) detailing whom is allowed to use or edit this credential set. For the dictionary format, refer to the API docs. The tuple format uses the customary
(type, perm, uuid)
format.Examples
('user', 32, user_uuid)
('group', 32, group_uuid)
('user', 'use', user_uuid)
**settings (dict, optional) – Additional keywords passed will be added to the settings dict within the API call. As this dataset can be highly variable, it will not be validated and simply passed as-is.
- Returns:
The status of the update process.
- Return type:
Examples
>>> cred_uuid = '00000000-0000-0000-0000-000000000000' >>> tio.credentials.edit(cred_uuid, ... password='sekretsquirrel', ... escalation_password='sudopassword')
- list(*filters, **kw)[source]¶
Get the listing of configured credentials from Tenable Vulnerability Management.
- Parameters:
*filters (tuple, optional) –
Filters are tuples in the form of (‘NAME’, ‘OPERATOR’, ‘VALUE’). Multiple filters can be used and will filter down the data being returned from the API.
Examples
('name', 'eq', 'example')
As the filters may change and sortable fields may change over time, it’s highly recommended that you look at the output of the
tio.filters.networks_filters()
endpoint to get more details.filter_type (str, optional) – The filter_type operator determines how the filters are combined together.
and
will inform the API that all of the filter conditions must be met for an access group to be returned, whereasor
would mean that if any of the conditions are met, the access group record will be returned.limit (int, optional) – The number of records to retrieve. Default is 50
offset (int, optional) – The starting record to retrieve. Default is 0.
owner_uuid (str, optional) – The UUID of the scan owner. If specified it will limit the responses to credentials assigned to scans owned by the specified user UUID.
sort (tuple, optional) – A tuple of tuples identifying the the field and sort order of the field.
wildcard (str, optional) – A string to pattern match against all available fields returned.
wildcard_fields (list, optional) – A list of fields to optionally restrict the wild-card matching to.
- Returns:
An iterator that handles the page management of the requested records.
- Return type:
CredentialsIterator
Examples
>>> for cred in tio.credentials.list(): ... pprint(cred)
- types()[source]¶
Lists all of the available credential types.
- Returns:
A list of the available credential types and definitions.
- Return type:
Examples
>>> cred_types = tio.credentials.types()
- upload(fobj: BinaryIO, file_type: str)[source]¶
Uploads a file for use with a managed credential.
- Parameters:
fobj (FileObject) – The file object intended to be uploaded into Tenable Vulnerability Management.
file_type (string) – File type of the credential being uploaded.
- Returns:
The fileuploaded attribute
- Return type:
Examples
>>> with open("hello.pem", "rb") as file: ... response = tio.credentials.upload(file, "pem") ... ... print(response)