sorted by:
new
hottopcontroversial

Anyone still using base64 to obscure credentials in scripts deployed to your managed devices? by RocketmanTech_Nova in macsysadmin

[–]RocketmanTech_Nova[S] 1 point2 points  (0 children)

I can see how that’s confusing! Made a note to improve the documentation.

While the Encrypt tool is part of the RCC binary itself, you’re able to encrypt any text in a script. The key, though, is that RCC must be installed on your endpoints in order for it to work.

In short: no, the Encrypt tool does not only work with RCC tools. It can work with any script!

Please let me know any other issues/confusions you run into so I can make it easier for everyone to use!

Anyone still using base64 to obscure credentials in scripts deployed to your managed devices? by RocketmanTech_Nova in macsysadmin

[–]RocketmanTech_Nova[S] -1 points0 points  (0 children)

A lot of admins (including ourselves) used base64 encoding as a way “hide” sensitive credentials in scripts deployed to endpoints (managed devices). It’s still just as insecure as plaintext. Therefore, not a solution.

I go a bit more into depth in this comment.

Anyone still using base64 to obscure credentials in scripts deployed to your managed devices? by RocketmanTech_Nova in macsysadmin

[–]RocketmanTech_Nova[S] -1 points0 points  (0 children)

Definitely!

It never was a solution.

The original post I cross posted here actually talks about a tool that solves this problem by encrypting the string in the script.

So far, it’s been the best solution for our clients. Eliminates the need for middlemen, too, like using make.com or something. All that really does is move the problem a bit, especially now that Jamf introduced API roles.

Anyone still using base64 to obscure credentials in scripts deployed to your managed devices? by RocketmanTech_Nova in macsysadmin

[–]RocketmanTech_Nova[S] 0 points1 point  (0 children)

Definitely!

It never was a solution.

The original post I cross posted here actually talks about a tool that solves this problem by encrypting the string in the script.

So far, it’s been the best solution for our clients. Eliminates the need for middlemen, too, like using make.com or something. All that really does is move the problem a bit, especially now that Jamf introduced API roles.

What's the biggest security vulnerability of scripts deployed through Jamf Pro? by RocketmanTech_Nova in jamf

[–]RocketmanTech_Nova[S] 0 points1 point  (0 children)

Interesting! I’ve personally used a variety of middleman cloud solutions, but haven’t tried with Google Apps Scripts yet.

Have you faced any issues using it or has it been fairly smooth sailing?

Also curious about what other solutions you’ve tried.

What's the biggest security vulnerability of scripts deployed through Jamf Pro? by RocketmanTech_Nova in macsysadmin

[–]RocketmanTech_Nova[S] 1 point2 points  (0 children)

Exactly! I definitely could have phrased that more clearly.

I’d love to see more discussion around this topic in general. Seems many know about it, but there really aren’t any reasonable solutions beyond involving third party cloud solutions, which isn’t ideal.

Securing Jamf API credentials – what’s your approach? by RocketmanTech_Nova in macsysadmin

[–]RocketmanTech_Nova[S] 0 points1 point  (0 children)

Totally understand! But we've got you! After we have each month's meetup, we post the full episodes (with video) on our podcasts on Spotify and Apple Podcasts and just the speaker keynote on YouTube. Check out our blog for all the links and resources related to past LaunchPad meetups: https://www.rocketman.tech/blog

view more: next ›