We have automated scripts that access certain devices and are getting the passwords for the devices from a root-read-only plain-text file.
Is there some kind of architecture we can use so that we can move these passwords to a server and have the scripts access them via web service? Or perhaps there is an existing technology that does this?
Pretty much every password manager in existence has some sort of API you can use to get credentials out. The trick, of course, is managing the credential that authenticates access to the central store... it ends up being a bit of a "turtles all the way down" situation (at least until you bump into an X.509 key/cert in a HSM... and then you've got to keep the PIN to activate that somewhere...).
As you may have guessed, I've been here and am a little jaded by the whole thing. (grin)
