New features - password management - PCI-DSS

[iisinfrastructure]

Hi,

I have made a request to the official support but they sent me back here. The feature I am looking for doesn't exist yet. Id' like to make a request for it cause, considering that compliance is going to be a standard in a lot company, I am pretty sure I am not the only one in need.

I am currently working on a PCI-DSS compliance meaning I need ton renew my password every 90 days including passwords use to encrypt saved copy of all my virtual machine. I know I am able to manage those password but what I need is the possibility to add an expiration date on those password or at least some kind of log saying that a password as been created at a certain time.

Thanks,

[Gostev]

Hi,

Actually, this feature does exist. I am sorry our support provided you with wrong information.
We do show the age for every password right in the Password Manager (see Last edited column).

Thanks!

[iisinfrastructure]

Hi,

First thank you.

Now that I got this intel is there any way I can receive an alert when this password is nearly expire (If I can put an expiration date) or at least check the creation date (with a script or some supervision tool)?

Thanks,

[veremin]

This following one-liner should show you description as well as modification date for all existing keys:

Code: Select all

Get-VBREncryptionKey | select description, modificationdateutc

Thanks.

[iisinfrastructure]

That was quick.You guys rock!

Now all I need to do is some scripting comparing the encryption date with the current one and send some alert. Not that hard.

Thanks a lot,

[veremin]

This should give a general idea. Specify as $Delta variable number of days after which script should be considered as expired and you're good to go:

Code: Select all

$Delta = 0
Get-VBREncryptionKey | where {((Get-Date) - $_.ModificationDateUtc).days -gt $Delta} | select description, ModificationDateUtc

Thanks.