IBM QRadar SOAR

  • 1.  FN Utilities : Remote command execution

    Posted Tue July 13, 2021 08:20 AM
    Hi all, my name is Guillermo and I am new to this community and to Resilient SOAR. I have a question regarding the way the FN Utilities : command execution function handles the secrets in the app.config. We are trying to add a $secret to the remote_command variable in app.config, for example:

    remote_command_linux = (/home/testremote/test $secret_var {{param1}})

    But the $secret_var is not parsed and is run on the remote server literally ($secret_var), while in local execution this secret variable is parsed correctly.

    Could you please advise.

    Thanks in advance.

    Best Regards.




    ------------------------------
    Guillermo Lujan
    ------------------------------


  • 2.  RE: FN Utilities : Remote command execution

    Posted Wed July 14, 2021 12:15 PM
    Hi Guillermo,

    Welcome to the Community!

    AppHost secrets will only get interpolated correctly by resilient-circuits (AppHost's runtime environment) if the entire string in the app.config file starts with a '$' character. Therefore, if your $SECRET is a substring of that, it will NOT get interpolated correctly and you will get unexpected results.

    What we advise you to do is make the whole string a secret and reference that in your app.config:
    SECRET_COMMAND_VALUE=(/home/testremote/test <your command> {{param1}})

    Then in the app.config section set:
    remote_command_linux = $SECRET_COMMAND_VALUE

    Hope this helps!

    ------------------------------
    Shane Curtin
    Apps Engineer - IBM Security SOAR
    ------------------------------
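
As an added illustration (not part of the original posts and not resilient-circuits' own code), the sketch below models the whole-value rule described in the reply above and lints an app.config for `$name` references that would be passed through literally. The `[fn_utilities]` section name, the `remote_command_ok` and `plain_setting` keys, the regex for secret names and the sample file are assumptions constructed for the example.

```python
import configparser
import re

# Constructed sample app.config; section and key names are illustrative.
SAMPLE_APP_CONFIG = """
[fn_utilities]
remote_command_linux = (/home/testremote/test $secret_var {{param1}})
remote_command_ok = $SECRET_COMMAND_VALUE
plain_setting = sh
"""

# Assumed shape of a secret reference: '$' followed by an identifier.
SECRET_REF = re.compile(r"\$[A-Za-z_][A-Za-z0-9_]*")


def classify(value):
    """Return 'secret', 'embedded' or 'plain' for one config value."""
    value = value.strip()
    if value.startswith("$"):
        return "secret"      # whole value is a reference: gets substituted
    if SECRET_REF.search(value):
        return "embedded"    # '$name' inside a longer string: left literal
    return "plain"


def resolve(value, secrets):
    """Model of the whole-value rule: substitute only a leading-'$' value."""
    value = value.strip()
    if value.startswith("$"):
        return secrets[value[1:]]   # KeyError if the secret is not defined
    return value


def lint(config_text):
    """List (section, key, refs) for values whose '$name' will stay literal."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(config_text)
    findings = []
    for section in parser.sections():
        for key, value in parser.items(section):
            if classify(value) == "embedded":
                findings.append((section, key, SECRET_REF.findall(value)))
    return findings


if __name__ == "__main__":
    for section, key, refs in lint(SAMPLE_APP_CONFIG):
        print(f"[{section}] {key}: {refs} will not be substituted")
```

Running the lint before deploying an app.config catches the case from the first post, where the remote host receives the literal `$secret_var` text.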



  • 3.  RE: FN Utilities : Remote command execution

    Posted Thu July 15, 2021 08:08 AM
    Hi Shane! Thanks for your reply, I will try it as per your advice.

    BR.

    Guillermo

    ------------------------------
    Guillermo Lujan
    ------------------------------



  • 4.  RE: FN Utilities : Remote command execution

    Posted Wed July 14, 2021 12:19 PM
    Hi Guillermo,

    Welcome to the Community!

    AppHost secrets will only get interpolated correctly by resilient-circuits (AppHost's runtime environment) if the entire string in the app.config file starts with a '$' character. Therefore, if your $SECRET is a substring of that, it will NOT get interpolated correctly and you will get unexpected results.

    What we advise you to do is make the whole string a secret and reference that in your app.config:
    SECRET_COMMAND_VALUE=(/home/testremote/test <your command> {{param1}})

    Then in the app.config section set:
    remote_command_linux = $SECRET_COMMAND_VALUE

    Hope this helps!

    ------------------------------
    Mark Scherfling
    ------------------------------



  • 5.  RE: FN Utilities : Remote command execution

    Posted Thu July 15, 2021 08:07 AM
    Hello Mark, thanks for your reply, I will try it as per your advice.

    BR.

    Guillermo

    ------------------------------
    Guillermo Lujan
    ------------------------------