Context:

This is Part 2 for this article:

Disclaimer

The Endpoint Credential Manager (ECM) Software Development Kit allows developers to create Custom ECM Plugins. The SDK comes with a Plugin example, which has been used as a starting point to create a new Plugin.

Any sample or proof of concept code (“Code”) provided on the Community is provided “as is” and without any express or implied warranties. This means that we do not promise that it will work for your specific needs or that it is error-free. Such Code is community supported and not supported directly by BeyondTrust, and it is not intended to be used in a production environment. BeyondTrust and its contributors are not liable for any damage you or others might experience from using the Code, including but not limited to, loss of data, loss of profits, or any interruptions to your business, no matter what the cause is, even if advised of the possibility of such damage.

Build and Deploy a Docker image for the ECM Plugin for Password Safe tutorial

We can build a Docker image leveraging the Microsoft image described here: https://learn.microsoft.com/en-us/dotnet/architecture/microservices/net-core-net-framework-containers/official-net-docker-images

We need to create a folder and subfolder structure on our Linux Docker host and copy the project files.

We need to copy the publish subfolder to our Docker host folder.

We need to modify ExamplePlugin.csproj so it can run on Linux.

<Project Sdk="Microsoft.NET.Sdk.Worker">

  <PropertyGroup>
    <TargetFramework>net8.0</TargetFramework>
    <Nullable>enable</Nullable>
    <ImplicitUsings>enable</ImplicitUsings>
    <UserSecretsId>dotnet-ExamplePlugin-a620ada8-83c6-4c7a-8df7-edda1c5e47af</UserSecretsId>
    <RootNamespace>MyCompany.Integrations.ExamplePlugin</RootNamespace>
  </PropertyGroup>

  <ItemGroup>
    <PackageReference Include="Microsoft.Bcl.Cryptography" Version="9.0.1" />
    <PackageReference Include="Microsoft.Extensions.Hosting" Version="9.0.0" />
    <PackageReference Include="Microsoft.Extensions.Hosting.Abstractions" Version="9.0.1" />
    <PackageReference Include="Microsoft.Extensions.Hosting.WindowsServices" Version="9.0.0" />
    <PackageReference Include="Microsoft.Extensions.Logging" Version="9.0.1" />
    <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
    <PackageReference Include="System.ComponentModel.Composition" Version="9.0.1" />
    <PackageReference Include="System.Configuration.ConfigurationManager" Version="9.0.1" />
    <PackageReference Include="System.DirectoryServices" Version="9.0.1" />
    <PackageReference Include="System.Formats.Asn1" Version="9.0.1" />
    <PackageReference Include="System.Runtime.Caching" Version="9.0.1" />
    <PackageReference Include="System.Security.Cryptography.Pkcs" Version="9.0.1" />
    <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="9.0.1" />
    <PackageReference Include="System.ServiceModel.Primitives" Version="8.1.1" />
    <PackageReference Include="System.ServiceProcess.ServiceController" Version="9.0.1" />
  </ItemGroup>

  <ItemGroup>
    <Folder Include="lib\" />
  </ItemGroup>

  <ItemGroup>
    <Reference Include="BeyondTrustECMSDK">
      <HintPath>lib/BeyondTrustECMSDK.dll</HintPath>
    </Reference>
  </ItemGroup>

  <ItemGroup>
    <Reference Include="BeyondTrustECMService">
      <HintPath>lib/BeyondTrustECMService.dll</HintPath>
    </Reference>
  </ItemGroup>

  <Target Name="PostBuild" AfterTargets="PostBuildEvent">
    <ItemGroup>
      <DataFiles Include="$(ProjectDir)..\lib\*.*"/>
    </ItemGroup>
    <Copy
      SourceFiles="@(DataFiles)"
      DestinationFolder="$(TargetDir)\lib\"
      SkipUnchangedFiles="true"/>
  </Target>

</Project>

We need to create a Dockerfile and a /lib subdirectory that includes the SDK and ECMService libraries.

FROM mcr.microsoft.com/dotnet/sdk:8.0@sha256:35792ea4ad1db051981f62b313f1be3b46b1f45cadbaa3c288cd0d3056eefb83 AS build-env
WORKDIR /SRA_PasswordSafe

# Copy everything
COPY . ./
COPY /lib/*.dll ./lib/
COPY ["/lib/BeyondTrustECMSDK.dll", "/lib"]
COPY ["/lib/BeyondTrustECMService.dll", "/lib"]
# Restore as distinct layers
RUN dotnet restore
# Build and publish a release
RUN dotnet publish -c Release -o out

# Build runtime image
FROM mcr.microsoft.com/dotnet/aspnet:8.0@sha256:6c4df091e4e531bb93bdbfe7e7f0998e7ced344f54426b7e874116a3dc3233ff
ENV ApiBaseUrl="https://myInstance.ps.beyondtrustcloud.com"
ENV OAuthClientId="12345"
ENV OAuthClientSecret="asdfgh"
ENV ApiKey="12345"
ENV SRASiteHostname="myInstance.beyondtrustcloud.com"
ENV SRAClientId="12345"
ENV SRAClientSecret="abcde"
WORKDIR /SRA_PasswordSafe
COPY --from=build-env /SRA_PasswordSafe/out .
ENTRYPOINT ["dotnet", "ExamplePlugin.dll"]

Now we can build our Docker image:

docker build -t sra-ecm-passwordsafe -f Dockerfile .

We need to create an env file for our configuration:

ApiBaseUrl=https://myInstance.ps.beyondtrustcloud.com
ApiKey=12345
OAuthClientId=abcdef12345
OAuthClientSecret=zxcvb98765
Domains=[{"Dn":"dc=myForest,dc=cloud","Domain":"btintegrations.cloud"},{"Dn":"dc=btlab,dc=cloud","Domain":"btlab.cloud"}]
SRASiteHostname=mySRAInstance.beyondtrustcloud.com
SRAClientId=12345
SRAClientSecret=asdfgh

Here we use Portainer, an optional web interface, to create a container using our image. It is still possible to use docker run at the command line instead of Portainer.

We need to select the radio button for Interactive and TTY. With docker run, the -i -t flags can be used.

We need to import our env file.

After deploying the container, we can watch the logs via Portainer.
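
When the container is started with docker run rather than Portainer, the env file and the Dockerfile can be checked first. The script below is an added example, not part of the original tutorial or the ECM SDK: it verifies the env file's keys, Domains format and file permissions, and lists the ENV lines in the Dockerfile that put secret-looking values into the image configuration. The file names ecm.env and preflight.sh are assumptions, as is treating every key from the sample env file as required.

```shell
#!/bin/sh
# Added example, not from the original tutorial: preflight checks to run
# before `docker run -it --env-file ecm.env sra-ecm-passwordsafe`.
# Assumption: every key in the page's sample env file is required.
REQUIRED_KEYS="ApiBaseUrl ApiKey OAuthClientId OAuthClientSecret Domains
SRASiteHostname SRAClientId SRAClientSecret"

# Print one line per problem in the env file; succeed only if there are none.
check_env_file() {
    file=$1
    problems=0
    [ -r "$file" ] || { echo "cannot read $file"; return 2; }
    for key in $REQUIRED_KEYS; do
        # docker run --env-file expects plain KEY=VALUE lines.
        if ! grep -Eq "^${key}=.+" "$file"; then
            echo "missing or empty: $key"; problems=$((problems + 1))
        fi
    done
    if ! grep -Eq '^ApiBaseUrl=https://' "$file"; then
        echo "ApiBaseUrl is not an https:// URL"; problems=$((problems + 1))
    fi
    # Domains is a JSON array of objects: it must start with [{ and end with }].
    if ! grep -Eq '^Domains=\[\{.*\}\]$' "$file"; then
        echo "Domains is not a JSON array of objects"; problems=$((problems + 1))
    fi
    # The file holds API and OAuth secrets: allow no group/other permission bits.
    perms=$(ls -ldL "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "permissions too open; run: chmod 600 $file"; problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Print Dockerfile ENV lines that set a secret-looking variable. ENV values are
# stored in the image configuration and are readable by anyone who has the image.
dockerfile_secret_envs() {
    grep -En '^[[:space:]]*ENV[[:space:]]+[A-Za-z0-9_]*(Secret|ApiKey|Password|Token)[A-Za-z0-9_]*=' "$1"
}

# Usage: sh preflight.sh ecm.env [Dockerfile]
if [ $# -ge 1 ]; then
    [ -n "${2:-}" ] && dockerfile_secret_envs "$2"
    check_env_file "$1"
fi
```

If check_env_file succeeds, the container can be started with docker run -it --env-file ecm.env sra-ecm-passwordsafe.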

An example container image is available from DockerHub in a repo called mbluteau:

Pulling a pre-configured example container image from DockerHub.

IMPORTANT: The example image in DockerHub is for demo and test purposes only. DO NOT USE IN PRODUCTION.
