The files in templates/ are illustrative patterns and starter scaffolds, not production-ready scripts. They are intentionally lightweight and are not presented as tested integrations for live targets. Use them to understand structure, common Safeguard operations, and recommended implementation approaches before you build your own platform.
- Pattern templates (
Pattern-*.json) show recommended approaches for specific scenarios such as REST account discovery, JIT elevation, Linux file management, dependent systems, and API key rotation. - Minimal starters (
Template*.json) provide the smallest scaffold to begin from when you want a clean base and plan to add operations yourself.
- Choose the closest starting point. Pick a minimal starter for a blank scaffold, or a pattern template when one already matches your target workflow.
- Copy it to a new script. Keep the original template unchanged and work in your own file.
- Customize it for your target. Replace commands, endpoints, authentication, parsing, prompts, regex, parameters, and error handling.
- Validate and test it. Review script structure, operations, and the development workflow. Then validate locally and test only against safe non-production assets with testing and debugging guidance.
- Deploy after verification. Import the finished script into SPP only after it behaves consistently in your environment.
- Documentation hub
- Script structure
- Operations reference
- Development workflow
- Testing and debugging
- SSH platforms
- HTTP platforms
| File | Type | Description | Key operations | Related docs |
|---|---|---|---|---|
Pattern-GenericHttpAccountDiscovery.json |
Pattern | Paginated REST account discovery using WriteDiscoveredAccount. Adapt authentication, endpoint shape, and response parsing to your target API. |
CheckSystem, DiscoverAccounts |
HTTP platforms, Account discovery |
Pattern-GenericHttpJitElevation.json |
Pattern | Idempotent JIT elevation and demotion over REST, modeled as add/remove group membership or equivalent privilege assignment. | CheckSystem, ElevateAccount, DemoteAccount |
HTTP platforms, JIT elevation |
Pattern-GenericLinuxDependentSystem.json |
Pattern | SSH pattern for updating a dependent system after a primary credential change, using a caller-provided dependency command. | CheckSystem, UpdateDependentSystem |
SSH platforms, Dependent systems |
Pattern-GenericLinuxFileManagement.json |
Pattern | SSH file-management pattern that checks, deploys, and verifies file content, including base64 decode and validation steps. | CheckSystem, CheckFile, ChangeFile |
SSH platforms, File management |
Pattern-GenericLinuxFull.json |
Pattern | Broad Linux SSH starting point that combines password management, SSH key management, account discovery, host key discovery, and enable/disable flows in one script. | CheckSystem, CheckPassword, ChangePassword, CheckSshKey, ChangeSshKey, DiscoverAccounts, DiscoverSshHostKey, EnableAccount, DisableAccount |
SSH platforms, SSH key management, Account discovery |
Pattern-GenericLinuxServiceDiscovery.json |
Pattern | SSH service-discovery pattern that queries systemd and emits results with WriteDiscoveredService. |
CheckSystem, DiscoverServices |
SSH platforms, Operations reference |
Pattern-GenericRestApiBasicAuth.json |
Pattern | REST API management with HTTP Basic authentication for connectivity, password validation, password change, and account discovery. | CheckSystem, CheckPassword, ChangePassword, DiscoverAccounts |
HTTP platforms, Account discovery |
Pattern-GenericRestApiBearerToken.json |
Pattern | REST API management with OAuth2 client credentials and bearer tokens for connectivity and password operations. | CheckSystem, CheckPassword, ChangePassword |
HTTP platforms, Your first HTTP script |
Pattern-GenericRestApiKeyRotation.json |
Pattern | REST API key validation and rotation workflow that you can adapt to your target system's key lifecycle and rollback needs. | CheckSystem, CheckApiKey, ChangeApiKey |
HTTP platforms, API key management |
Pattern-WindowsSshBasic.json |
Pattern | Windows password management over OpenSSH using PowerShell and net user, for environments that use SSH instead of WinRM. |
CheckSystem, CheckPassword, ChangePassword |
SSH platforms, Operations reference |
TemplateHttpMinimal.json |
Minimal starter | Smallest HTTP scaffold: a CheckSystem example that calls a health endpoint with a bearer token. Use it when you want to design your own HTTP workflow from scratch. |
CheckSystem |
Your first HTTP script, Script structure |
TemplateSshMinimal.json |
Minimal starter | Smallest SSH scaffold: connect, run a simple echo-style command, and disconnect in CheckSystem. Use it as a clean base for SSH-driven platforms. |
CheckSystem |
Your first SSH script, Script structure |
If you want fuller examples to study after you understand the patterns here, see: