The current Guardium Venafi integration requires an access_token to authenticate with the Venafi TPP server. However, in customer environments these tokens can have short expiry periods, e.g. one day. In order to keep the integration credentials current, the access_token would need to be requested once per day outside of Guardium, and Guardium reconfigured with the new token.
A better way would be to configure Guardium with the credentials to request the access_token. E.g. with the following fields:
Username, password, client_id, scope.
Then, when the grdapi venafi_import variant=… command is executed, Guardium would request an OAuth token by posting a JSON document to the vedauth/authorize/oauth endpoint on the TPP server. Example JSON below:
"scope" : "Configuration:Manage"
The access_token is in the returned JSON.
This token could then be used in the request to get the certificate and key, as in the existing code used to retrieve the certificate and key with the access_token.
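The flow proposed above, sketched as an added example; this is not Guardium or Venafi code. The function names, the injected `send` transport, the `username`/`password` JSON key names (taken from the field list above) and the `Bearer` header form are assumptions.

```python
import json
import urllib.request

TOKEN_PATH = "/vedauth/authorize/oauth"  # endpoint named in the request above


def build_token_request(base_url, username, password, client_id, scope):
    """Build the POST that asks TPP for an access_token."""
    if not base_url.lower().startswith("https://"):
        # Credentials travel in the body, so refuse cleartext transport.
        raise ValueError("TPP base URL must use https")
    # Key names are assumed to match the configuration fields listed above.
    body = json.dumps({
        "client_id": client_id,
        "username": username,
        "password": password,
        "scope": scope,
    }).encode("utf-8")
    return urllib.request.Request(
        base_url.rstrip("/") + TOKEN_PATH,
        data=body,
        headers={"Content-Type": "application/json"},
        method="POST",
    )


def parse_token_response(raw):
    """Return the access_token from the JSON reply, or raise without echoing it."""
    try:
        doc = json.loads(raw)
    except ValueError:
        raise ValueError("token endpoint did not return JSON") from None
    token = doc.get("access_token") if isinstance(doc, dict) else None
    if not isinstance(token, str) or not token:
        raise ValueError("no access_token in token response")
    return token


def fetch_token(send, base_url, username, password, client_id, scope):
    """send(request) -> bytes is injected so the flow can be exercised offline."""
    req = build_token_request(base_url, username, password, client_id, scope)
    return parse_token_response(send(req))


def bearer_header(token):
    # Assumed header form for the follow-up certificate and key request.
    return {"Authorization": "Bearer " + token}
```

Fetching the token on every import run means the short-lived token is never stored, but the stored username and password then become the long-lived secret and need the same protection the token had.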