IBM BigFix Secure Parameters

From RiceFamily Wiki
Jump to: navigation, search

The problem with using things like Passwords inside Fixlets is that the Fixlet bodies are available to ALL of the computers. This would mean that if someone knew where to look they could see the password in plain text.

The solution to this is to encrypt things like Passwords inside the Fixlet. The drawback to this technique is that it means that targeting is limited to individual machines. Targeting based on Properties can't be done because the Secure Parameters are encrypted using the Public Key for each targeted computer, so each action file must be generated individually for each computer at the time of submission of the Action.