{"id":48774016,"url":"https://github.com/mikedominic92/pam-multivendor-lab","last_synced_at":"2026-04-13T12:01:24.587Z","repository":{"id":326961276,"uuid":"1107242962","full_name":"MikeDominic92/Pam-MultiVendor-Lab","owner":"MikeDominic92","description":"Enterprise PAM demonstration - HashiCorp Vault + Delinea Secret Server with cross-platform automation, migration tooling, and architecture comparison","archived":false,"fork":false,"pushed_at":"2026-01-20T01:35:17.000Z","size":4485,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2026-01-20T05:52:36.034Z","etag":null,"topics":["ansible","automation","cyberark","cybersecurity","delinea","devops","docker","hashicorp-vault","identity-management","pam","privileged-access","privileged-access-management","python","secret-server","secrets-management"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/MikeDominic92.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"docs/SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-11-30T21:00:54.000Z","updated_at":"2026-01-20T01:35:20.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/MikeDominic92/Pam-MultiVendor-Lab","commit_stats":null,"previous_names":["mikedominic92/pam-vault-lab","mikedominic92/pam-multivendor-lab"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/MikeDominic92/Pam-MultiVendor-Lab","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MikeDominic92%2FPam-MultiVendor-Lab","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MikeDominic92%2FPam-MultiVendor-Lab/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MikeDominic92%2FPam-MultiVendor-Lab/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MikeDominic92%2FPam-MultiVendor-Lab/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/MikeDominic92","download_url":"https://codeload.github.com/MikeDominic92/Pam-MultiVendor-Lab/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MikeDominic92%2FPam-MultiVendor-Lab/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31751705,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-13T09:16:15.125Z","status":"ssl_error","status_checked_at":"2026-04-13T09:16:05.023Z","response_time":93,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","automation","cyberark","cybersecurity","delinea","devops","docker","hashicorp-vault","identity-management","pam","privileged-access","privileged-access-management","python","secret-server","secrets-management"],"created_at":"2026-04-13T12:01:23.353Z","updated_at":"2026-04-13T12:01:24.578Z","avatar_url":"https://github.com/MikeDominic92.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003ePAM Multi-Vendor Lab\u003c/h1\u003e\n\u003ch3 align=\"center\"\u003eEnterprise Privileged Access Management Platform\u003c/h3\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/HashiCorp-Vault_1.15+-F7931A.svg?style=flat-square\u0026logo=vault\u0026logoColor=white\" alt=\"Vault\"/\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Delinea-Secret_Server-0078D4.svg?style=flat-square\" alt=\"Delinea\"/\u003e\n  \u003cimg src=\"https://img.shields.io/badge/AWS-Secrets_Manager-FF9900.svg?style=flat-square\u0026logo=amazonaws\u0026logoColor=white\" alt=\"AWS\"/\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Python-3.10+-3776AB.svg?style=flat-square\u0026logo=python\u0026logoColor=white\" alt=\"Python\"/\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Next.js-16-000000.svg?style=flat-square\u0026logo=nextdotjs\u0026logoColor=white\" alt=\"Next.js\"/\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/3_PAM_Platforms-000000?style=flat-square\" alt=\"Platforms\"/\u003e\n  \u003cimg src=\"https://img.shields.io/badge/8_Lab_Exercises-000000?style=flat-square\" alt=\"Labs\"/\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Dark_Glassmorphism-a855f7?style=flat-square\" alt=\"Design\"/\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://pam-multivendor-lab.netlify.app/\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/Live_Demo-00f5ff?style=for-the-badge\u0026logo=netlify\u0026logoColor=white\" alt=\"Live Demo\"/\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n### What is PAM Multi-Vendor Lab?\n\n**PAM Multi-Vendor Lab is a production-ready demonstration of enterprise privileged access management across HashiCorp Vault, Delinea Secret Server, and AWS Secrets Manager - featuring a modern cybersecurity dashboard with glassmorphism design.**\n\n\u003c/div\u003e\n\n\u003cdiv align=\"center\"\u003e\n\n### The Problem It Solves\n\nModern enterprises rarely use a single PAM solution. CyberArk dominates large enterprise. Delinea serves mid-market. Vault powers DevOps. AWS Secrets Manager handles cloud workloads. PAM architects need expertise across all platforms, but vendor-specific training and isolated lab environments make cross-platform skills difficult to develop.\n\n\u003c/div\u003e\n\n\u003cdiv align=\"center\"\u003e\n\n### The Solution\n\nPAM Multi-Vendor Lab provides a unified environment to learn, compare, and automate across three major PAM platforms. A Python abstraction layer enables cross-platform secret management. Migration tools move secrets bidirectionally between platforms. Mock modes allow full demonstrations without live credentials.\n\n**Result: Multi-vendor PAM expertise. Cross-platform automation. Zero licensing cost.**\n\n\u003c/div\u003e\n\n---\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://pam-multivendor-lab.netlify.app/\"\u003eLive Demo\u003c/a\u003e |\n  \u003ca href=\"#platform-screenshots\"\u003eScreenshots\u003c/a\u003e |\n  \u003ca href=\"#technical-problem-solving\"\u003eProblem Solving\u003c/a\u003e |\n  \u003ca href=\"#key-features\"\u003eFeatures\u003c/a\u003e |\n  \u003ca href=\"#architecture\"\u003eArchitecture\u003c/a\u003e |\n  \u003ca href=\"#quick-start\"\u003eQuick Start\u003c/a\u003e\n\u003c/p\u003e\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n## Platform Screenshots\n\n**Dashboard with Dark Glassmorphism Design**\n\n\u003ca href=\"https://pam-multivendor-lab.netlify.app/\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/View_Live_Demo-00f5ff?style=for-the-badge\u0026logo=netlify\u0026logoColor=white\" alt=\"View Live Demo\"/\u003e\n\u003c/a\u003e\n\n### Security Dashboard\n\n\u003cimg src=\"docs/images/dashboard-main.png\" alt=\"Security Dashboard\" width=\"900\"\u003e\n\n*Real-time security metrics with multi-platform monitoring across Vault, Delinea, and AWS*\n\n| Feature | Description |\n|:--------|:------------|\n| **Glassmorphism Cards** | Frosted glass panels with backdrop blur and subtle borders |\n| **Animated Stat Cards** | Real-time metrics (2,847 secrets, 156 active sessions, 45.2K API requests) |\n| **Vault Status** | Live vault seal status with unseal key visualization |\n| **Platform Health** | Connection status for Delinea (847 secrets), AWS (1,234 secrets), HashiCorp Vault |\n| **Active Leases** | Dynamic credential countdown timers with role information |\n| **API Request Volume** | Area chart showing 24-hour request and error trends |\n| **Platform Distribution** | Pie chart breakdown of secrets by platform |\n| **System Health** | CPU, Memory, and Storage utilization rings |\n\n---\n\n### Secrets Browser\n\n\u003cimg src=\"docs/images/secrets-browser.png\" alt=\"Secrets Browser\" width=\"900\"\u003e\n\n*Unified secret management across all connected PAM platforms*\n\n| Feature | Description |\n|:--------|:------------|\n| **Tree Navigator** | Hierarchical view of secrets organized by platform (Delinea, AWS, Vault) |\n| **Folder Structure** | IT Infrastructure, API Keys, and custom folder organization |\n| **Secret Details** | Full secret view with server, database, username, and password fields |\n| **Version History** | Track changes with actor attribution and timestamps |\n| **Platform Badges** | Visual indicators showing source platform for each secret |\n| **Copy Actions** | One-click copy for sensitive field values |\n\n---\n\n### Dynamic Credentials\n\n\u003cimg src=\"docs/images/dynamic-credentials.png\" alt=\"Dynamic Credentials\" width=\"900\"\u003e\n\n*Just-in-time credential generation with automatic expiration*\n\n| Feature | Description |\n|:--------|:------------|\n| **Credential Generator** | Request credentials for Database (PostgreSQL, MySQL, MSSQL) or AWS IAM |\n| **Role Selection** | Choose from read-only, admin, deployer, and custom roles |\n| **TTL Configuration** | Set lease duration from 15 minutes to 24 hours |\n| **Active Leases Table** | Monitor all active credentials with expiration countdowns |\n| **Platform Indicators** | Visual badges showing credential type (Database, AWS, PKI) |\n| **Auto-Rotation Stats** | Track average TTL and credential lifecycle metrics |\n\n---\n\n### PKI Authority\n\n\u003cimg src=\"docs/images/pki-authority.png\" alt=\"PKI Authority\" width=\"900\"\u003e\n\n*Enterprise certificate management with visual trust chain hierarchy*\n\n| Feature | Description |\n|:--------|:------------|\n| **Certificate Metrics** | Active certs (1,247), Expiring (12), Revoked (34), Issued today (89) |\n| **Issue Certificate Wizard** | Generate certificates for Web Server, Internal Service, or Client Auth |\n| **Certificate Chain Visualization** | Interactive tree showing Root CA → Intermediate CAs → End entities |\n| **Expiring Soon Alerts** | Proactive warnings for certificates nearing expiration |\n| **Revocation Status** | Health status and online/offline CRL distribution points |\n| **Common Name Input** | Domain validation with real-time formatting |\n\n---\n\n### Audit \u0026 Policies\n\n\u003cimg src=\"docs/images/audit-policies.png\" alt=\"Audit \u0026 Policies - Policy Editor\" width=\"900\"\u003e\n\n*HCL policy editor with security scoring and capability analysis*\n\n| Feature | Description |\n|:--------|:------------|\n| **ACL Policy List** | Manage admin-policy, app-read-only, pki-issuer, db-creds-rotator, deployment-bot |\n| **HCL Policy Editor** | Syntax-highlighted editor with line numbers and path definitions |\n| **Capabilities Display** | Visual badges for READ, LIST, CREATE, UPDATE, DENY permissions |\n| **Path Coverage** | Track the number of paths protected by each policy |\n| **Security Score** | A-F grading based on least-privilege compliance |\n| **Create New Policy** | Guided workflow for defining new access policies |\n\n---\n\n### Live Audit Stream\n\n\u003cimg src=\"docs/images/audit-log-stream.png\" alt=\"Live Audit Stream\" width=\"900\"\u003e\n\n*Real-time access monitoring across all PAM platforms*\n\n| Feature | Description |\n|:--------|:------------|\n| **12,847 Total Events** | Comprehensive audit trail with 23 denied requests |\n| **Live Event Stream** | Real-time updates with timestamp, action type, and path |\n| **Platform Filtering** | View events from Vault, Delinea, or AWS independently |\n| **Action Type Badges** | Color-coded Read, Update, Create, Delete, List operations |\n| **Actor Attribution** | Track which service accounts and users performed actions |\n| **Export Capability** | Download audit logs for compliance and forensics |\n\n\u003c/div\u003e\n\n---\n\n\u003ch2 align=\"center\"\u003eTechnical Problem Solving\u003c/h2\u003e\n\n\u003cp align=\"center\"\u003e\u003cem\u003eReal enterprise PAM challenges and the architectural solutions I built to solve them.\u003c/em\u003e\u003c/p\u003e\n\n\u003cdiv align=\"center\"\u003e\n\n\u003ch3\u003eChallenge 1: Multi-Vendor Secret Management\u003c/h3\u003e\n\n\u003e *\"How do you manage secrets across Vault, Delinea, and AWS with a single workflow?\"*\n\n**My Answer:** Abstract the platforms behind a unified interface.\n\n| Component | Description |\n|:----------|:------------|\n| **Platform Adapters** | VaultAdapter, DelineaAdapter, AWSAdapter with consistent methods |\n| **UnifiedSecret Model** | Platform-agnostic secret representation |\n| **Auto-Detection** | Discover available platforms from environment |\n| **Health Monitoring** | Check connectivity across all platforms simultaneously |\n| **Result** | One API, three platforms, zero vendor lock-in |\n\n**Solution Architecture:**\n\n```mermaid\n%%{init: {'theme': 'base', 'themeVariables': { 'primaryColor': '#2d2d2d', 'primaryTextColor': '#ffffff', 'primaryBorderColor': '#000000', 'lineColor': '#4a4a4a', 'secondaryColor': '#3a3a3a', 'tertiaryColor': '#1a1a1a', 'background': '#1a1a1a', 'mainBkg': '#2d2d2d', 'nodeBorder': '#000000', 'clusterBkg': '#252525', 'clusterBorder': '#000000', 'titleColor': '#ffffff', 'edgeLabelBackground': '#2d2d2d'}}}%%\nflowchart TD\n    subgraph App[\"Application Layer\"]\n        A[Unified PAM Client]\n    end\n\n    subgraph Adapters[\"Platform Adapters\"]\n        B[VaultAdapter]\n        C[DelineaAdapter]\n        D[AWSAdapter]\n    end\n\n    subgraph Platforms[\"PAM Platforms\"]\n        E[HashiCorp Vault]\n        F[Delinea Secret Server]\n        G[AWS Secrets Manager]\n    end\n\n    A --\u003e B\n    A --\u003e C\n    A --\u003e D\n    B --\u003e E\n    C --\u003e F\n    D --\u003e G\n```\n\n| Metric | Impact |\n|:------:|:------:|\n| Platforms supported | **3** |\n| API consistency | **100%** |\n| Vendor lock-in | **Eliminated** |\n\n\u003c/div\u003e\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n\u003ch3\u003eChallenge 2: Cross-Platform Migration\u003c/h3\u003e\n\n\u003e *\"How do you migrate 500 secrets from Delinea to Vault without data loss?\"*\n\n**My Answer:** Dry-run everything. Map fields intelligently. Generate audit trails.\n\n| Component | Description |\n|:----------|:------------|\n| **Dry-Run Mode** | Preview migration without executing |\n| **Field Mapping** | Delinea fields map to Vault paths automatically |\n| **Template Detection** | Windows Account, Unix SSH, Database, API Key templates |\n| **Path Recommendation** | Intelligent Vault path suggestions based on secret type |\n| **JSON Reports** | Complete audit trail of migration operations |\n| **Result** | Zero-risk migration with full visibility |\n\n**Solution Architecture:**\n\n```mermaid\n%%{init: {'theme': 'base', 'themeVariables': { 'primaryColor': '#2d2d2d', 'primaryTextColor': '#ffffff', 'primaryBorderColor': '#000000', 'lineColor': '#4a4a4a', 'secondaryColor': '#3a3a3a', 'tertiaryColor': '#1a1a1a', 'background': '#1a1a1a', 'mainBkg': '#2d2d2d', 'nodeBorder': '#000000', 'clusterBkg': '#252525', 'clusterBorder': '#000000', 'titleColor': '#ffffff', 'edgeLabelBackground': '#2d2d2d'}}}%%\nflowchart LR\n    subgraph Source[\"Source Platform\"]\n        A[Delinea Secret Server]\n        B[Secret with Template]\n    end\n\n    subgraph Migration[\"Migration Engine\"]\n        C[Read Secret]\n        D[Detect Template Type]\n        E[Map Fields]\n        F[Generate Vault Path]\n        G[Dry-Run Preview]\n    end\n\n    subgraph Target[\"Target Platform\"]\n        H[HashiCorp Vault]\n        I[KV v2 Secret]\n    end\n\n    A --\u003e B --\u003e C --\u003e D --\u003e E --\u003e F --\u003e G --\u003e H --\u003e I\n```\n\n\u003c/div\u003e\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n\u003ch3\u003eChallenge 3: Platform Selection\u003c/h3\u003e\n\n\u003e *\"When should I use Vault vs Delinea vs CyberArk vs AWS?\"*\n\n**My Answer:** Match platform strengths to use case requirements.\n\n| Platform | Strength | Best For | Weakness |\n|:---------|:---------|:---------|:---------|\n| **CyberArk** | Session recording, discovery | Large enterprise, compliance | Cost, complexity |\n| **Delinea** | Faster deployment, mid-market | IT teams, Windows environments | Less cloud-native |\n| **HashiCorp Vault** | Dynamic secrets, API-first | DevOps, microservices, CI/CD | No session recording |\n| **AWS Secrets Manager** | Native AWS integration | Lambda, ECS, cloud workloads | AWS-only |\n\n**Solution Architecture:**\n\n```mermaid\n%%{init: {'theme': 'base', 'themeVariables': { 'primaryColor': '#2d2d2d', 'primaryTextColor': '#ffffff', 'primaryBorderColor': '#000000', 'lineColor': '#4a4a4a', 'secondaryColor': '#3a3a3a', 'tertiaryColor': '#1a1a1a', 'background': '#1a1a1a', 'mainBkg': '#2d2d2d', 'nodeBorder': '#000000', 'clusterBkg': '#252525', 'clusterBorder': '#000000', 'titleColor': '#ffffff', 'edgeLabelBackground': '#2d2d2d'}}}%%\nflowchart TD\n    A[PAM Platform Selection] --\u003e B{Use Case?}\n\n    B --\u003e|Session Recording Required| C[CyberArk or Delinea]\n    B --\u003e|Dynamic Secrets for Apps| D[HashiCorp Vault]\n    B --\u003e|AWS Native Workloads| E[AWS Secrets Manager]\n    B --\u003e|Hybrid Environment| F[Vault + Delinea]\n\n    C --\u003e G[Enterprise IT, Compliance]\n    D --\u003e H[DevOps, CI/CD, Microservices]\n    E --\u003e I[Lambda, ECS, Cloud-Native]\n    F --\u003e J[Best of Both Worlds]\n```\n\n\u003c/div\u003e\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n\u003ch3\u003eChallenge 4: Dynamic Secrets at Scale\u003c/h3\u003e\n\n\u003e *\"How do you eliminate standing privileges for database access?\"*\n\n**My Answer:** Generate credentials on-demand with automatic expiration.\n\n| Component | Description |\n|:----------|:------------|\n| **Database Secrets Engine** | PostgreSQL, MySQL, MSSQL support |\n| **Lease Management** | Credentials expire automatically |\n| **Role-Based Access** | Different TTLs for different roles |\n| **Audit Trail** | Every credential generation logged |\n| **Result** | No standing privileges, no credential sprawl |\n\n**Solution Architecture:**\n\n```mermaid\n%%{init: {'theme': 'base', 'themeVariables': { 'primaryColor': '#2d2d2d', 'primaryTextColor': '#ffffff', 'primaryBorderColor': '#000000', 'lineColor': '#4a4a4a', 'secondaryColor': '#3a3a3a', 'tertiaryColor': '#1a1a1a', 'background': '#1a1a1a', 'mainBkg': '#2d2d2d', 'nodeBorder': '#000000', 'clusterBkg': '#252525', 'clusterBorder': '#000000', 'titleColor': '#ffffff', 'edgeLabelBackground': '#2d2d2d'}}}%%\nsequenceDiagram\n    participant App as Application\n    participant Vault as HashiCorp Vault\n    participant DB as PostgreSQL\n\n    App-\u003e\u003eVault: Request database credentials\n    Vault-\u003e\u003eDB: CREATE ROLE with TTL\n    DB--\u003e\u003eVault: Role created\n    Vault--\u003e\u003eApp: Dynamic credentials (1h TTL)\n    App-\u003e\u003eDB: Connect with dynamic creds\n    Note over Vault: After 1 hour...\n    Vault-\u003e\u003eDB: DROP ROLE (automatic)\n```\n\n| Metric | Impact |\n|:------:|:------:|\n| Standing privileges | **Eliminated** |\n| Credential rotation | **Automatic** |\n| Audit coverage | **100%** |\n\n\u003c/div\u003e\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n\u003ch3\u003eChallenge 5: Automated Password Rotation\u003c/h3\u003e\n\n\u003e *\"How do you rotate 1000 service account passwords without downtime?\"*\n\n**My Answer:** Coordinated rotation with verification and rollback.\n\n| Component | Description |\n|:----------|:------------|\n| **Rotation Policies** | Configurable schedules per secret type |\n| **Pre-Rotation Hooks** | Verify connectivity before rotation |\n| **Post-Rotation Verification** | Test new credentials before committing |\n| **Rollback Support** | Automatic rollback on verification failure |\n| **Result** | Zero-downtime rotation at scale |\n\n**Solution Architecture:**\n\n```mermaid\n%%{init: {'theme': 'base', 'themeVariables': { 'primaryColor': '#2d2d2d', 'primaryTextColor': '#ffffff', 'primaryBorderColor': '#000000', 'lineColor': '#4a4a4a', 'secondaryColor': '#3a3a3a', 'tertiaryColor': '#1a1a1a', 'background': '#1a1a1a', 'mainBkg': '#2d2d2d', 'nodeBorder': '#000000', 'clusterBkg': '#252525', 'clusterBorder': '#000000', 'titleColor': '#ffffff', 'edgeLabelBackground': '#2d2d2d'}}}%%\nflowchart TD\n    A[Rotation Triggered] --\u003e B[Pre-Rotation Check]\n    B --\u003e|Pass| C[Generate New Password]\n    B --\u003e|Fail| D[Abort and Alert]\n\n    C --\u003e E[Update Target System]\n    E --\u003e F[Post-Rotation Verify]\n\n    F --\u003e|Pass| G[Commit to Vault]\n    F --\u003e|Fail| H[Rollback]\n\n    G --\u003e I[Update Dependents]\n    H --\u003e J[Restore Previous]\n```\n\n\u003c/div\u003e\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n### Architecture Decisions Summary\n\n| Problem | My Solution | Why It Works |\n|:-------:|:-----------:|:------------:|\n| Multi-vendor management | Unified abstraction layer | Single API, multiple platforms |\n| Cross-platform migration | Dry-run with field mapping | Zero-risk, auditable |\n| Platform selection | Feature comparison matrix | Match strengths to use cases |\n| Standing privileges | Dynamic secrets engine | On-demand with auto-expiration |\n| Password rotation | Coordinated with verification | Zero-downtime at scale |\n\n\u003c/div\u003e\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n## Key Features\n\n### Core Capabilities\n\n| Feature | Description |\n|:-------:|:-----------:|\n| **Delinea Python Client** | Full OAuth2 authentication, CRUD operations, folder management |\n| **Unified PAM Client** | Single interface for Vault, Delinea, and AWS |\n| **Migration Tools** | Bi-directional with dry-run, field mapping, JSON reports |\n| **Award-Winning Dashboard** | Modern glassmorphism UI with real-time metrics |\n| **Rich CLI** | Professional terminal UI with progress bars |\n| **8 Lab Exercises** | Hands-on learning from basics to advanced |\n\n### Platform Support\n\n| Platform | Features |\n|:--------:|:---------|\n| **HashiCorp Vault** | KV v2, dynamic database credentials, PKI, transit encryption |\n| **Delinea Secret Server** | OAuth2, secret templates, folder hierarchy, search |\n| **AWS Secrets Manager** | Boto3 integration, rotation, cross-account access |\n\n\u003c/div\u003e\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n## Architecture\n\n```mermaid\n%%{init: {'theme': 'base', 'themeVariables': { 'primaryColor': '#2d2d2d', 'primaryTextColor': '#ffffff', 'primaryBorderColor': '#000000', 'lineColor': '#4a4a4a', 'secondaryColor': '#3a3a3a', 'tertiaryColor': '#1a1a1a', 'background': '#1a1a1a', 'mainBkg': '#2d2d2d', 'nodeBorder': '#000000', 'clusterBkg': '#252525', 'clusterBorder': '#000000', 'titleColor': '#ffffff', 'edgeLabelBackground': '#2d2d2d'}}}%%\nflowchart TD\n    subgraph Frontend[\"Frontend Dashboard\"]\n        UI[Next.js 16 + React 19]\n        Design[Glassmorphism UI]\n        Charts[Recharts + Framer Motion]\n    end\n\n    subgraph CLI[\"CLI Layer\"]\n        A[delinea_client.py]\n        B[unified_pam_client.py]\n        C[vault_to_delinea.py]\n        D[delinea_to_vault.py]\n    end\n\n    subgraph Core[\"Core Libraries\"]\n        E[DelineaSecretServerClient]\n        F[UnifiedPAMClient]\n        G[VaultAdapter]\n        H[AWSAdapter]\n    end\n\n    subgraph Platforms[\"PAM Platforms\"]\n        I[HashiCorp Vault\u003cbr/\u003eDocker Container]\n        J[Delinea Secret Server\u003cbr/\u003eMock or Cloud]\n        K[AWS Secrets Manager\u003cbr/\u003eMock or Live]\n    end\n\n    subgraph Data[\"Target Systems\"]\n        L[(PostgreSQL)]\n        M[(MySQL)]\n        N[Linux Servers]\n        O[Windows Servers]\n    end\n\n    UI --\u003e F\n    Design --\u003e UI\n    Charts --\u003e UI\n    A --\u003e E\n    B --\u003e F\n    C --\u003e F\n    D --\u003e F\n    F --\u003e G\n    F --\u003e E\n    F --\u003e H\n    G --\u003e I\n    E --\u003e J\n    H --\u003e K\n    I --\u003e L\n    I --\u003e M\n    I --\u003e N\n    I --\u003e O\n```\n\n### Migration Flow\n\n```mermaid\n%%{init: {'theme': 'base', 'themeVariables': { 'primaryColor': '#2d2d2d', 'primaryTextColor': '#ffffff', 'primaryBorderColor': '#000000', 'lineColor': '#4a4a4a', 'secondaryColor': '#3a3a3a', 'tertiaryColor': '#1a1a1a', 'background': '#1a1a1a', 'mainBkg': '#2d2d2d', 'nodeBorder': '#000000', 'clusterBkg': '#252525', 'clusterBorder': '#000000', 'titleColor': '#ffffff', 'edgeLabelBackground': '#2d2d2d'}}}%%\nflowchart LR\n    A[Delinea Secret] --\u003e B[Read \u0026 Parse]\n    B --\u003e C[Detect Template]\n    C --\u003e D[Map Fields]\n    D --\u003e E{Dry Run?}\n    E --\u003e|Yes| F[Preview Report]\n    E --\u003e|No| G[Write to Vault]\n    G --\u003e H[Verify]\n    H --\u003e I[JSON Audit Log]\n```\n\n\u003c/div\u003e\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n## CLI Reference\n\n### Delinea Client\n\n| Command | Description |\n|:--------|:------------|\n| `--mock status` | Check connection and secret count |\n| `--mock list` | List all secrets |\n| `--mock get \u003cid\u003e` | Retrieve secret by ID |\n| `--mock create` | Create new secret |\n| `--mock folders` | List folder hierarchy |\n| `--mock templates` | List available templates |\n| `--mock demo` | Run full demonstration |\n\n### Unified PAM Client\n\n| Command | Description |\n|:--------|:------------|\n| `detect` | Discover available platforms |\n| `health` | Health check all platforms |\n| `get \u003cid\u003e --platform` | Get secret from specific platform |\n| `compare` | Compare secrets across platforms |\n| `demo` | Run cross-platform demonstration |\n\n### Migration Tools\n\n| Command | Description |\n|:--------|:------------|\n| `migrate \u003cid\u003e --dry-run` | Preview single secret migration |\n| `folder \u003cid\u003e --base-path` | Migrate entire folder |\n| `--output report.json` | Generate JSON audit report |\n| `demo` | Run migration demonstration |\n\n\u003c/div\u003e\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n## Lab Exercises\n\n| Lab | Topic | Duration | Level |\n|:---:|:-----:|:--------:|:-----:|\n| 01 | Vault Fundamentals | 30 min | Beginner |\n| 02 | KV Secrets Engine | 30 min | Beginner |\n| 03 | Dynamic Database Credentials | 45 min | Intermediate |\n| 04 | Automated Password Rotation | 45 min | Intermediate |\n| 05 | Audit and Compliance | 30 min | Intermediate |\n| 06 | Delinea Secret Server Basics | 30 min | Beginner |\n| 07 | Cross-Platform Migration | 45 min | Advanced |\n| 08 | Unified PAM Operations | 30 min | Advanced |\n\n\u003c/div\u003e\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n## Platform Comparison\n\n| Feature | CyberArk | Delinea | Vault | AWS SM |\n|:--------|:--------:|:-------:|:-----:|:------:|\n| Password Vaulting | 5/5 | 4/5 | 4/5 | 3/5 |\n| Session Recording | 5/5 | 3/5 | 1/5 | 1/5 |\n| Account Discovery | 5/5 | 4/5 | 2/5 | 1/5 |\n| Dynamic Secrets | 3/5 | 2/5 | 5/5 | 2/5 |\n| API Automation | 5/5 | 3/5 | 5/5 | 5/5 |\n| Cloud Deployment | 3/5 | 4/5 | 5/5 | 5/5 |\n| Open Source | No | No | Yes | No |\n| Cost | $$$$$ | $$$ | $ | $$ |\n\n### My Recommendations\n\n| Scenario | Platform | Reason |\n|:---------|:--------:|:-------|\n| Large enterprise, strict compliance | CyberArk | Most comprehensive, industry standard |\n| Mid-market, faster deployment | Delinea | Good balance of features and complexity |\n| DevOps, cloud-native | HashiCorp Vault | Dynamic secrets, API-first design |\n| AWS-native workloads | AWS Secrets Manager | Native integration, no additional tools |\n| Hybrid architecture | Vault + Delinea | Best of both worlds |\n\n\u003c/div\u003e\n\n---\n\n\u003ch2 align=\"center\"\u003eQuick Start\u003c/h2\u003e\n\n\u003ch3 align=\"center\"\u003ePrerequisites\u003c/h3\u003e\n\n\u003cp align=\"center\"\u003ePython 3.10+ | Node.js 20+ | Docker \u0026 Docker Compose | 8GB RAM\u003c/p\u003e\n\n### Installation\n\n```bash\n# Clone repository\ngit clone https://github.com/MikeDominic92/Pam-MultiVendor-Lab.git\ncd Pam-MultiVendor-Lab\n\n# Set up Python environment\npython -m venv venv\nsource venv/bin/activate  # Windows: venv\\Scripts\\activate\npip install -r scripts/requirements.txt\n\n# Configure environment\ncp .env.example .env\n\n# Start Vault (Docker)\ncd vault\ndocker-compose up -d\n./scripts/init-vault.sh\n```\n\n### Run Frontend Dashboard\n\n```bash\n# Navigate to frontend\ncd frontend\n\n# Install dependencies\nnpm install\n\n# Start development server\nnpm run dev\n\n# Visit http://localhost:3000\n```\n\n### Run CLI Demos (No Credentials Required)\n\n```bash\n# Delinea client demo\npython scripts/delinea_client.py --mock demo\n\n# Unified PAM client demo\npython scripts/unified_pam_client.py demo\n\n# Migration demo\npython scripts/delinea_to_vault.py demo\n```\n\n---\n\n\u003ch2 align=\"center\"\u003eProject Structure\u003c/h2\u003e\n\n```\nPam-MultiVendor-Lab/\n|-- frontend/                      # Next.js 16 Dashboard\n|   |-- src/\n|   |   |-- app/                   # App router pages\n|   |   |   |-- page.tsx           # Security Dashboard\n|   |   |   |-- secrets/           # Secrets Browser\n|   |   |   |-- credentials/       # Dynamic Credentials\n|   |   |   |-- pki/               # PKI Authority\n|   |   |   |-- audit/             # Audit \u0026 Policies\n|   |   |   `-- globals.css        # Design system\n|   |   |-- components/\n|   |   |   |-- layout/            # VaultShell, Sidebar, Header\n|   |   |   |-- dashboard/         # VaultDoor visualization\n|   |   |   |-- ui/                # GlassButton, NeonBadge, Toast, etc.\n|   |   |   `-- providers/         # ClientProviders (Toast)\n|   |   `-- lib/\n|   |       |-- utils.ts           # Utility functions\n|   |       `-- hooks/             # useReducedMotion, etc.\n|-- scripts/\n|   |-- delinea_client.py          # Delinea Secret Server Python client\n|   |-- unified_pam_client.py      # Cross-platform PAM abstraction\n|   |-- vault_client.py            # HashiCorp Vault operations\n|   |-- vault_to_delinea.py        # Migration: Vault -\u003e Delinea\n|   |-- delinea_to_vault.py        # Migration: Delinea -\u003e Vault\n|   |-- config.py                  # Unified configuration\n|   `-- aws/                       # AWS Secrets Manager integration\n|-- vault/\n|   |-- config/                    # Vault configuration files\n|   |-- policies/                  # ACL policies\n|   `-- scripts/                   # Initialization scripts\n|-- delinea/\n|   |-- api-examples/              # Python API examples\n|   |-- powershell/                # PowerShell scripts\n|   `-- templates/                 # Secret template definitions\n|-- labs/                          # 8 hands-on exercises\n|-- docs/                          # Documentation\n|-- assets/                        # Screenshots and diagrams\n`-- monitoring/                    # Prometheus \u0026 Grafana\n```\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n## Certifications Aligned\n\nThis lab supports preparation for:\n\n| Certification | Alignment |\n|:-------------:|:----------|\n| **CyberArk PAM-DEF** | Vault concepts map to CyberArk components |\n| **Delinea Security Academy** | Direct Delinea Secret Server experience |\n| **HashiCorp Vault Associate** | Full Vault operations coverage |\n| **HashiCorp Vault Operations Professional** | Advanced patterns and automation |\n| **AWS Security Specialty** | Secrets Manager integration |\n\n\u003c/div\u003e\n\n\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n## Built With\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Python-3776AB?style=for-the-badge\u0026logo=python\u0026logoColor=white\" alt=\"Python\"/\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Next.js-000000?style=for-the-badge\u0026logo=nextdotjs\u0026logoColor=white\" alt=\"Next.js\"/\u003e\n  \u003cimg src=\"https://img.shields.io/badge/React-61DAFB?style=for-the-badge\u0026logo=react\u0026logoColor=black\" alt=\"React\"/\u003e\n  \u003cimg src=\"https://img.shields.io/badge/TailwindCSS-06B6D4?style=for-the-badge\u0026logo=tailwindcss\u0026logoColor=white\" alt=\"TailwindCSS\"/\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Framer_Motion-0055FF?style=for-the-badge\u0026logo=framer\u0026logoColor=white\" alt=\"Framer Motion\"/\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Docker-2496ED?style=for-the-badge\u0026logo=docker\u0026logoColor=white\" alt=\"Docker\"/\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Vault-F7931A?style=for-the-badge\u0026logo=vault\u0026logoColor=white\" alt=\"Vault\"/\u003e\n  \u003cimg src=\"https://img.shields.io/badge/AWS-FF9900?style=for-the-badge\u0026logo=amazonaws\u0026logoColor=white\" alt=\"AWS\"/\u003e\n\u003c/p\u003e\n\n| Category | Technologies |\n|:--------:|:-------------|\n| **PAM Platforms** | HashiCorp Vault 1.15+, Delinea Secret Server, AWS Secrets Manager |\n| **Frontend** | Next.js 16, React 19, TailwindCSS v4, Framer Motion v12, Recharts |\n| **Languages** | Python 3.10+, TypeScript, PowerShell, Bash |\n| **Libraries** | hvac, python-tss-sdk, boto3, click, rich, pydantic |\n| **Infrastructure** | Docker Compose, Prometheus, Grafana |\n| **Databases** | PostgreSQL, MySQL (for dynamic secrets) |\n\n\u003c/div\u003e\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n## Author\n\n**Dominic M. Hoang**\n\nGitHub: [@MikeDominic92](https://github.com/MikeDominic92)\n\n\u003c/div\u003e\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n## Related Projects\n\n| Project | Description |\n|:-------:|:-----------:|\n| [VendorAuditAI](https://github.com/MikeDominic92/VendorAuditAI) | AI-powered third-party risk management platform |\n| [ai-access-sentinel](https://github.com/MikeDominic92/ai-access-sentinel) | ITDR platform with ML-powered anomaly detection |\n| [entra-id-governance](https://github.com/MikeDominic92/entra-id-governance) | Microsoft Entra ID governance toolkit |\n| [keyless-kingdom](https://github.com/MikeDominic92/keyless-kingdom) | Multi-cloud workload identity federation |\n| [okta-sso-hub](https://github.com/MikeDominic92/okta-sso-hub) | Enterprise SSO with SAML, OIDC, SCIM |\n\n\u003c/div\u003e\n\n---\n\n\u003cp align=\"center\"\u003e\n  \u003cstrong\u003ePAM Multi-Vendor Lab\u003c/strong\u003e\n  \u003cbr/\u003e\n  \u003csub\u003eEnterprise PAM expertise across CyberArk, Delinea, Thycotic, and HashiCorp ecosystems.\u003c/sub\u003e\n  \u003cbr/\u003e\n  \u003csub\u003eFeaturing a modern cybersecurity dashboard with dark glassmorphism design.\u003c/sub\u003e\n  \u003cbr/\u003e\u003cbr/\u003e\n  \u003ca href=\"https://pam-multivendor-lab.netlify.app/\"\u003eLive Demo\u003c/a\u003e |\n  \u003ca href=\"https://github.com/MikeDominic92/Pam-MultiVendor-Lab\"\u003eGitHub\u003c/a\u003e\n  \u003cbr/\u003e\u003cbr/\u003e\n  MIT License - Copyright 2026 Dominic M. Hoang\n\u003c/p\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmikedominic92%2Fpam-multivendor-lab","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmikedominic92%2Fpam-multivendor-lab","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmikedominic92%2Fpam-multivendor-lab/lists"}