When credentials are retrieved automatically and securely from the PowerBroker Password Safe API, commercial application developers are never required to enter a username and password for connectivity, and end users, such as database administrators, never need administrator rights to access a database. This capability improves system security while enabling greater business agility.
Organizations and application developers will realize multiple benefits from using the PowerBroker Password Safe API:
1. Secure credential management: Instead of entering static credentials, developers call on the PowerBroker Password Safe API to retrieve the latest credentials for the user, application, infrastructure, cloud solution, or database to authenticate and then release the credentials at the end of the session. This triggers automatic randomized cycling of the password. The end user is never exposed to the username or password. All authentication is performed silently behind the scenes with complete activity auditing, if desired.
2. Simplified developer access: Improve the agility and responsiveness of IT by never requiring the entry of a username and password for connectivity when creating custom applications. End users, such as database administrators, never need administrator credentials to access a database if the tools retrieve stored credentials automatically. Management tools for services, remote access, and infrastructure automatically recognize the logged-on user and the asset they are on, and seamlessly request and pass credentials for the application.
3. Protection from SSO hacks: Since credentials can be passed within the application itself, directly from Password Safe, IT can secure the runtime and avoid hacking techniques like pass-the-hash and keystroke logging, making this approach far more secure than single sign-on (SSO).
4. Sample code to get started quickly: To enable developers to access the API and help secure their applications, BeyondTrust has provided sample code in the following formats: C# (.NET), PowerShell, Ruby, Python, Java, and Bash shell.
“In our dedication to preventing privilege misuse and stopping unauthorized access, BeyondTrust recognizes the importance of safeguarding sign-on credentials as the next step in secure authentication,” said Morey Haber, Vice President of Technology at BeyondTrust. “With this free, public API, we are proud to offer the first solution of its kind to developers, customers, and partners.”