
https://github.com/mikedominic92/pam-multivendor-lab

Enterprise PAM demonstration - HashiCorp Vault + Delinea Secret Server with cross-platform automation, migration tooling, and architecture comparison

ansible automation cyberark cybersecurity delinea devops docker hashicorp-vault identity-management pam privileged-access privileged-access-management python secret-server secrets-management


# PAM Multi-Vendor Lab


Enterprise Privileged Access Management Platform



---

### What is PAM Multi-Vendor Lab?

**PAM Multi-Vendor Lab is a production-ready demonstration of enterprise privileged access management across HashiCorp Vault, Delinea Secret Server, and AWS Secrets Manager - featuring a modern cybersecurity dashboard with glassmorphism design.**

### The Problem It Solves

Modern enterprises rarely use a single PAM solution. CyberArk dominates large enterprise. Delinea serves mid-market. Vault powers DevOps. AWS Secrets Manager handles cloud workloads. PAM architects need expertise across all platforms, but vendor-specific training and isolated lab environments make cross-platform skills difficult to develop.

### The Solution

PAM Multi-Vendor Lab provides a unified environment to learn, compare, and automate across three major PAM platforms. A Python abstraction layer enables cross-platform secret management. Migration tools move secrets bidirectionally between platforms. Mock modes allow full demonstrations without live credentials.

**Result: Multi-vendor PAM expertise. Cross-platform automation. Zero licensing cost.**

---



## Platform Screenshots

**Dashboard with Dark Glassmorphism Design**



### Security Dashboard


*Real-time security metrics with multi-platform monitoring across Vault, Delinea, and AWS*

| Feature | Description |
|:--------|:------------|
| **Glassmorphism Cards** | Frosted glass panels with backdrop blur and subtle borders |
| **Animated Stat Cards** | Real-time metrics (2,847 secrets, 156 active sessions, 45.2K API requests) |
| **Vault Status** | Live vault seal status with unseal key visualization |
| **Platform Health** | Connection status for Delinea (847 secrets), AWS (1,234 secrets), HashiCorp Vault |
| **Active Leases** | Dynamic credential countdown timers with role information |
| **API Request Volume** | Area chart showing 24-hour request and error trends |
| **Platform Distribution** | Pie chart breakdown of secrets by platform |
| **System Health** | CPU, Memory, and Storage utilization rings |

---

### Secrets Browser


*Unified secret management across all connected PAM platforms*

| Feature | Description |
|:--------|:------------|
| **Tree Navigator** | Hierarchical view of secrets organized by platform (Delinea, AWS, Vault) |
| **Folder Structure** | IT Infrastructure, API Keys, and custom folder organization |
| **Secret Details** | Full secret view with server, database, username, and password fields |
| **Version History** | Track changes with actor attribution and timestamps |
| **Platform Badges** | Visual indicators showing source platform for each secret |
| **Copy Actions** | One-click copy for sensitive field values |

---

### Dynamic Credentials


*Just-in-time credential generation with automatic expiration*

| Feature | Description |
|:--------|:------------|
| **Credential Generator** | Request credentials for Database (PostgreSQL, MySQL, MSSQL) or AWS IAM |
| **Role Selection** | Choose from read-only, admin, deployer, and custom roles |
| **TTL Configuration** | Set lease duration from 15 minutes to 24 hours |
| **Active Leases Table** | Monitor all active credentials with expiration countdowns |
| **Platform Indicators** | Visual badges showing credential type (Database, AWS, PKI) |
| **Auto-Rotation Stats** | Track average TTL and credential lifecycle metrics |

---

### PKI Authority


*Enterprise certificate management with visual trust chain hierarchy*

| Feature | Description |
|:--------|:------------|
| **Certificate Metrics** | Active certs (1,247), Expiring (12), Revoked (34), Issued today (89) |
| **Issue Certificate Wizard** | Generate certificates for Web Server, Internal Service, or Client Auth |
| **Certificate Chain Visualization** | Interactive tree showing Root CA → Intermediate CAs → End entities |
| **Expiring Soon Alerts** | Proactive warnings for certificates nearing expiration |
| **Revocation Status** | Health status and online/offline CRL distribution points |
| **Common Name Input** | Domain validation with real-time formatting |

---

### Audit & Policies


*HCL policy editor with security scoring and capability analysis*

| Feature | Description |
|:--------|:------------|
| **ACL Policy List** | Manage admin-policy, app-read-only, pki-issuer, db-creds-rotator, deployment-bot |
| **HCL Policy Editor** | Syntax-highlighted editor with line numbers and path definitions |
| **Capabilities Display** | Visual badges for READ, LIST, CREATE, UPDATE, DENY permissions |
| **Path Coverage** | Track the number of paths protected by each policy |
| **Security Score** | A-F grading based on least-privilege compliance |
| **Create New Policy** | Guided workflow for defining new access policies |

---

### Live Audit Stream


*Real-time access monitoring across all PAM platforms*

| Feature | Description |
|:--------|:------------|
| **12,847 Total Events** | Comprehensive audit trail with 23 denied requests |
| **Live Event Stream** | Real-time updates with timestamp, action type, and path |
| **Platform Filtering** | View events from Vault, Delinea, or AWS independently |
| **Action Type Badges** | Color-coded Read, Update, Create, Delete, List operations |
| **Actor Attribution** | Track which service accounts and users performed actions |
| **Export Capability** | Download audit logs for compliance and forensics |

---

## Technical Problem Solving

Real enterprise PAM challenges and the architectural solutions I built to solve them.

### Challenge 1: Multi-Vendor Secret Management

> *"How do you manage secrets across Vault, Delinea, and AWS with a single workflow?"*

**My Answer:** Abstract the platforms behind a unified interface.

| Component | Description |
|:----------|:------------|
| **Platform Adapters** | VaultAdapter, DelineaAdapter, AWSAdapter with consistent methods |
| **UnifiedSecret Model** | Platform-agnostic secret representation |
| **Auto-Detection** | Discover available platforms from environment |
| **Health Monitoring** | Check connectivity across all platforms simultaneously |
| **Result** | One API, three platforms, zero vendor lock-in |

**Solution Architecture:**

```mermaid
%%{init: {'theme': 'base', 'themeVariables': { 'primaryColor': '#2d2d2d', 'primaryTextColor': '#ffffff', 'primaryBorderColor': '#000000', 'lineColor': '#4a4a4a', 'secondaryColor': '#3a3a3a', 'tertiaryColor': '#1a1a1a', 'background': '#1a1a1a', 'mainBkg': '#2d2d2d', 'nodeBorder': '#000000', 'clusterBkg': '#252525', 'clusterBorder': '#000000', 'titleColor': '#ffffff', 'edgeLabelBackground': '#2d2d2d'}}}%%
flowchart TD
subgraph App["Application Layer"]
A[Unified PAM Client]
end

subgraph Adapters["Platform Adapters"]
B[VaultAdapter]
C[DelineaAdapter]
D[AWSAdapter]
end

subgraph Platforms["PAM Platforms"]
E[HashiCorp Vault]
F[Delinea Secret Server]
G[AWS Secrets Manager]
end

A --> B
A --> C
A --> D
B --> E
C --> F
D --> G
```

| Metric | Impact |
|:------:|:------:|
| Platforms supported | **3** |
| API consistency | **100%** |
| Vendor lock-in | **Eliminated** |

---

### Challenge 2: Cross-Platform Migration

> *"How do you migrate 500 secrets from Delinea to Vault without data loss?"*

**My Answer:** Dry-run everything. Map fields intelligently. Generate audit trails.

| Component | Description |
|:----------|:------------|
| **Dry-Run Mode** | Preview migration without executing |
| **Field Mapping** | Delinea fields map to Vault paths automatically |
| **Template Detection** | Windows Account, Unix SSH, Database, API Key templates |
| **Path Recommendation** | Intelligent Vault path suggestions based on secret type |
| **JSON Reports** | Complete audit trail of migration operations |
| **Result** | Zero-risk migration with full visibility |

**Solution Architecture:**

```mermaid
%%{init: {'theme': 'base', 'themeVariables': { 'primaryColor': '#2d2d2d', 'primaryTextColor': '#ffffff', 'primaryBorderColor': '#000000', 'lineColor': '#4a4a4a', 'secondaryColor': '#3a3a3a', 'tertiaryColor': '#1a1a1a', 'background': '#1a1a1a', 'mainBkg': '#2d2d2d', 'nodeBorder': '#000000', 'clusterBkg': '#252525', 'clusterBorder': '#000000', 'titleColor': '#ffffff', 'edgeLabelBackground': '#2d2d2d'}}}%%
flowchart LR
subgraph Source["Source Platform"]
A[Delinea Secret Server]
B[Secret with Template]
end

subgraph Migration["Migration Engine"]
C[Read Secret]
D[Detect Template Type]
E[Map Fields]
F[Generate Vault Path]
G[Dry-Run Preview]
end

subgraph Target["Target Platform"]
H[HashiCorp Vault]
I[KV v2 Secret]
end

A --> B --> C --> D --> E --> F --> G --> H --> I
```

---

### Challenge 3: Platform Selection

> *"When should I use Vault vs Delinea vs CyberArk vs AWS?"*

**My Answer:** Match platform strengths to use case requirements.

| Platform | Strength | Best For | Weakness |
|:---------|:---------|:---------|:---------|
| **CyberArk** | Session recording, discovery | Large enterprise, compliance | Cost, complexity |
| **Delinea** | Faster deployment, mid-market | IT teams, Windows environments | Less cloud-native |
| **HashiCorp Vault** | Dynamic secrets, API-first | DevOps, microservices, CI/CD | No session recording |
| **AWS Secrets Manager** | Native AWS integration | Lambda, ECS, cloud workloads | AWS-only |

**Solution Architecture:**

```mermaid
%%{init: {'theme': 'base', 'themeVariables': { 'primaryColor': '#2d2d2d', 'primaryTextColor': '#ffffff', 'primaryBorderColor': '#000000', 'lineColor': '#4a4a4a', 'secondaryColor': '#3a3a3a', 'tertiaryColor': '#1a1a1a', 'background': '#1a1a1a', 'mainBkg': '#2d2d2d', 'nodeBorder': '#000000', 'clusterBkg': '#252525', 'clusterBorder': '#000000', 'titleColor': '#ffffff', 'edgeLabelBackground': '#2d2d2d'}}}%%
flowchart TD
A[PAM Platform Selection] --> B{Use Case?}

B -->|Session Recording Required| C[CyberArk or Delinea]
B -->|Dynamic Secrets for Apps| D[HashiCorp Vault]
B -->|AWS Native Workloads| E[AWS Secrets Manager]
B -->|Hybrid Environment| F[Vault + Delinea]

C --> G[Enterprise IT, Compliance]
D --> H[DevOps, CI/CD, Microservices]
E --> I[Lambda, ECS, Cloud-Native]
F --> J[Best of Both Worlds]
```

---

### Challenge 4: Dynamic Secrets at Scale

> *"How do you eliminate standing privileges for database access?"*

**My Answer:** Generate credentials on-demand with automatic expiration.

| Component | Description |
|:----------|:------------|
| **Database Secrets Engine** | PostgreSQL, MySQL, MSSQL support |
| **Lease Management** | Credentials expire automatically |
| **Role-Based Access** | Different TTLs for different roles |
| **Audit Trail** | Every credential generation logged |
| **Result** | No standing privileges, no credential sprawl |

**Solution Architecture:**

```mermaid
%%{init: {'theme': 'base', 'themeVariables': { 'primaryColor': '#2d2d2d', 'primaryTextColor': '#ffffff', 'primaryBorderColor': '#000000', 'lineColor': '#4a4a4a', 'secondaryColor': '#3a3a3a', 'tertiaryColor': '#1a1a1a', 'background': '#1a1a1a', 'mainBkg': '#2d2d2d', 'nodeBorder': '#000000', 'clusterBkg': '#252525', 'clusterBorder': '#000000', 'titleColor': '#ffffff', 'edgeLabelBackground': '#2d2d2d'}}}%%
sequenceDiagram
participant App as Application
participant Vault as HashiCorp Vault
participant DB as PostgreSQL

App->>Vault: Request database credentials
Vault->>DB: CREATE ROLE with TTL
DB-->>Vault: Role created
Vault-->>App: Dynamic credentials (1h TTL)
App->>DB: Connect with dynamic creds
Note over Vault: After 1 hour...
Vault->>DB: DROP ROLE (automatic)
```

| Metric | Impact |
|:------:|:------:|
| Standing privileges | **Eliminated** |
| Credential rotation | **Automatic** |
| Audit coverage | **100%** |

---

### Challenge 5: Automated Password Rotation

> *"How do you rotate 1000 service account passwords without downtime?"*

**My Answer:** Coordinated rotation with verification and rollback.

| Component | Description |
|:----------|:------------|
| **Rotation Policies** | Configurable schedules per secret type |
| **Pre-Rotation Hooks** | Verify connectivity before rotation |
| **Post-Rotation Verification** | Test new credentials before committing |
| **Rollback Support** | Automatic rollback on verification failure |
| **Result** | Zero-downtime rotation at scale |

**Solution Architecture:**

```mermaid
%%{init: {'theme': 'base', 'themeVariables': { 'primaryColor': '#2d2d2d', 'primaryTextColor': '#ffffff', 'primaryBorderColor': '#000000', 'lineColor': '#4a4a4a', 'secondaryColor': '#3a3a3a', 'tertiaryColor': '#1a1a1a', 'background': '#1a1a1a', 'mainBkg': '#2d2d2d', 'nodeBorder': '#000000', 'clusterBkg': '#252525', 'clusterBorder': '#000000', 'titleColor': '#ffffff', 'edgeLabelBackground': '#2d2d2d'}}}%%
flowchart TD
A[Rotation Triggered] --> B[Pre-Rotation Check]
B -->|Pass| C[Generate New Password]
B -->|Fail| D[Abort and Alert]

C --> E[Update Target System]
E --> F[Post-Rotation Verify]

F -->|Pass| G[Commit to Vault]
F -->|Fail| H[Rollback]

G --> I[Update Dependents]
H --> J[Restore Previous]
```
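The rotation flow in the diagram above, as an added Python example that is not the project's code; `FakeTarget`, `rotate` and the dict standing in for the vault are constructed for illustration. It shows the ordering that makes rollback safe: the vault is updated only after the new password has been verified on the target.

```python
import secrets


class FakeTarget:
    """In-memory stand-in for a system that holds a service-account password."""

    def __init__(self, password, reachable=True, accepts_logins=True):
        self.password = password
        self.reachable = reachable
        self.accepts_logins = accepts_logins  # False simulates a failed verify

    def ping(self):
        return self.reachable

    def set_password(self, new):
        self.password = new

    def login(self, candidate):
        # Constant-time comparison, as a real verifier should use.
        return self.accepts_logins and secrets.compare_digest(candidate, self.password)


def rotate(account, target, vault, dependents=()):
    """Run one rotation and return the ordered steps taken (the audit trail)."""
    steps = ["triggered"]
    if not target.ping():                 # pre-rotation check
        return steps + ["precheck_failed", "aborted"]  # caller raises the alert
    previous = vault[account]             # held in memory for rollback only
    new = secrets.token_urlsafe(24)       # 24 random bytes from the OS CSPRNG
    target.set_password(new)
    steps += ["precheck_passed", "target_updated"]
    if target.login(new):                 # post-rotation verify
        vault[account] = new              # commit only after the new value works
        steps += ["verified", "committed"]
        for notify in dependents:
            notify(account)               # dependents re-read from the vault
        steps.append("dependents_updated")
    else:
        target.set_password(previous)     # rollback; the vault was never changed
        steps += ["verify_failed", "rolled_back"]
    return steps


if __name__ == "__main__":
    # Constructed values, not real credentials.
    vault = {"svc_app": "old-constructed"}
    print(rotate("svc_app", FakeTarget("old-constructed"), vault))
    print(rotate("svc_app", FakeTarget(vault["svc_app"], accepts_logins=False), vault))
```

Because the step list never contains the old or new password, it can be logged as-is.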

---

### Architecture Decisions Summary

| Problem | My Solution | Why It Works |
|:-------:|:-----------:|:------------:|
| Multi-vendor management | Unified abstraction layer | Single API, multiple platforms |
| Cross-platform migration | Dry-run with field mapping | Zero-risk, auditable |
| Platform selection | Feature comparison matrix | Match strengths to use cases |
| Standing privileges | Dynamic secrets engine | On-demand with auto-expiration |
| Password rotation | Coordinated with verification | Zero-downtime at scale |

---

## Key Features

### Core Capabilities

| Feature | Description |
|:-------:|:-----------:|
| **Delinea Python Client** | Full OAuth2 authentication, CRUD operations, folder management |
| **Unified PAM Client** | Single interface for Vault, Delinea, and AWS |
| **Migration Tools** | Bi-directional with dry-run, field mapping, JSON reports |
| **Award-Winning Dashboard** | Modern glassmorphism UI with real-time metrics |
| **Rich CLI** | Professional terminal UI with progress bars |
| **8 Lab Exercises** | Hands-on learning from basics to advanced |

### Platform Support

| Platform | Features |
|:--------:|:---------|
| **HashiCorp Vault** | KV v2, dynamic database credentials, PKI, transit encryption |
| **Delinea Secret Server** | OAuth2, secret templates, folder hierarchy, search |
| **AWS Secrets Manager** | Boto3 integration, rotation, cross-account access |

---

## Architecture

```mermaid
%%{init: {'theme': 'base', 'themeVariables': { 'primaryColor': '#2d2d2d', 'primaryTextColor': '#ffffff', 'primaryBorderColor': '#000000', 'lineColor': '#4a4a4a', 'secondaryColor': '#3a3a3a', 'tertiaryColor': '#1a1a1a', 'background': '#1a1a1a', 'mainBkg': '#2d2d2d', 'nodeBorder': '#000000', 'clusterBkg': '#252525', 'clusterBorder': '#000000', 'titleColor': '#ffffff', 'edgeLabelBackground': '#2d2d2d'}}}%%
flowchart TD
subgraph Frontend["Frontend Dashboard"]
UI[Next.js 16 + React 19]
Design[Glassmorphism UI]
Charts[Recharts + Framer Motion]
end

subgraph CLI["CLI Layer"]
A[delinea_client.py]
B[unified_pam_client.py]
C[vault_to_delinea.py]
D[delinea_to_vault.py]
end

subgraph Core["Core Libraries"]
E[DelineaSecretServerClient]
F[UnifiedPAMClient]
G[VaultAdapter]
H[AWSAdapter]
end

subgraph Platforms["PAM Platforms"]
I["HashiCorp Vault<br/>Docker Container"]
J["Delinea Secret Server<br/>Mock or Cloud"]
K["AWS Secrets Manager<br/>Mock or Live"]
end

subgraph Data["Target Systems"]
L[(PostgreSQL)]
M[(MySQL)]
N[Linux Servers]
O[Windows Servers]
end

UI --> F
Design --> UI
Charts --> UI
A --> E
B --> F
C --> F
D --> F
F --> G
F --> E
F --> H
G --> I
E --> J
H --> K
I --> L
I --> M
I --> N
I --> O
```

### Migration Flow

```mermaid
%%{init: {'theme': 'base', 'themeVariables': { 'primaryColor': '#2d2d2d', 'primaryTextColor': '#ffffff', 'primaryBorderColor': '#000000', 'lineColor': '#4a4a4a', 'secondaryColor': '#3a3a3a', 'tertiaryColor': '#1a1a1a', 'background': '#1a1a1a', 'mainBkg': '#2d2d2d', 'nodeBorder': '#000000', 'clusterBkg': '#252525', 'clusterBorder': '#000000', 'titleColor': '#ffffff', 'edgeLabelBackground': '#2d2d2d'}}}%%
flowchart LR
A[Delinea Secret] --> B[Read & Parse]
B --> C[Detect Template]
C --> D[Map Fields]
D --> E{Dry Run?}
E -->|Yes| F[Preview Report]
E -->|No| G[Write to Vault]
G --> H[Verify]
H --> I[JSON Audit Log]
```
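The dry-run flow from Challenge 2 and the Migration Flow diagram above, as an added Python example that is not the project's code. The field names in the template signatures, the function names, the `migrated` base path and the sample secrets are assumptions constructed here; the example plans each Vault KV v2 write, keeps secret values out of the JSON report, and normalizes names so a crafted secret name cannot steer the target path.

```python
import json
import re

# Template names come from the README; the field names that identify each
# template are assumptions made for this example.
TEMPLATE_SIGNATURES = {
    "windows-account": {"machine", "username", "password"},
    "unix-ssh": {"machine", "username", "private_key"},
    "database": {"server", "database", "username", "password"},
    "api-key": {"url", "api_key"},
}


def non_empty(fields):
    return {k: v for k, v in fields.items() if v not in (None, "")}


def detect_template(fields):
    """Pick the most specific template whose required fields are all present."""
    present = set(non_empty(fields))
    hits = [(len(req), name) for name, req in TEMPLATE_SIGNATURES.items() if req <= present]
    return max(hits)[1] if hits else "generic"


def safe_segment(text):
    """Reduce a folder or secret name to a single path segment (no '/' or '..')."""
    slug = re.sub(r"[^a-z0-9._-]+", "-", text.strip().lower()).strip("-.")
    if not slug:
        raise ValueError(f"name {text!r} has no usable characters")
    return slug


def plan_migration(secret, mount="secret", base_path="migrated"):
    """Build the Vault write and its report entry for one secret, without writing."""
    template = detect_template(secret["fields"])
    path = "/".join([safe_segment(base_path), template,
                     safe_segment(secret["folder"]), safe_segment(secret["name"])])
    data = non_empty(secret["fields"])
    write = {"mount": mount, "path": path, "data": data}
    # The report is written to disk, so it carries field names, never values.
    report = {"source_id": secret["id"], "template": template,
              "target": f"{mount}/data/{path}",  # KV v2 API path form
              "fields": sorted(data),
              "skipped_empty": sorted(set(secret["fields"]) - set(data))}
    return write, report


def migrate(secrets_in, writer=None, dry_run=True):
    """Plan every secret; call writer(mount, path, data) only when not a dry run."""
    entries = []
    for secret in secrets_in:
        try:
            write, report = plan_migration(secret)
        except (KeyError, ValueError) as exc:
            entries.append({"source_id": secret.get("id"), "status": "error",
                            "reason": str(exc)})
            continue
        if not dry_run:
            writer(**write)
        report["status"] = "planned" if dry_run else "written"
        entries.append(report)
    return {"dry_run": dry_run, "entries": entries}


# Constructed sample input; hosts, names and values are placeholders.
SAMPLE = [
    {"id": 101, "name": "Prod Orders DB", "folder": "IT Infrastructure",
     "fields": {"server": "db01.example.internal", "database": "orders",
                "username": "svc_orders", "password": "constructed-not-real", "notes": ""}},
    {"id": 102, "name": "../../sys/policy", "folder": "API Keys",
     "fields": {"url": "https://api.example.internal", "api_key": "constructed-not-real"}},
]

if __name__ == "__main__":
    print(json.dumps(migrate(SAMPLE), indent=2))
```

Diffing the dry-run report against the report from the real run confirms that what was written matches what was reviewed.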

---

## CLI Reference

### Delinea Client

| Command | Description |
|:--------|:------------|
| `--mock status` | Check connection and secret count |
| `--mock list` | List all secrets |
| `--mock get ` | Retrieve secret by ID |
| `--mock create` | Create new secret |
| `--mock folders` | List folder hierarchy |
| `--mock templates` | List available templates |
| `--mock demo` | Run full demonstration |

### Unified PAM Client

| Command | Description |
|:--------|:------------|
| `detect` | Discover available platforms |
| `health` | Health check all platforms |
| `get --platform` | Get secret from specific platform |
| `compare` | Compare secrets across platforms |
| `demo` | Run cross-platform demonstration |

### Migration Tools

| Command | Description |
|:--------|:------------|
| `migrate --dry-run` | Preview single secret migration |
| `folder --base-path` | Migrate entire folder |
| `--output report.json` | Generate JSON audit report |
| `demo` | Run migration demonstration |

---

## Lab Exercises

| Lab | Topic | Duration | Level |
|:---:|:-----:|:--------:|:-----:|
| 01 | Vault Fundamentals | 30 min | Beginner |
| 02 | KV Secrets Engine | 30 min | Beginner |
| 03 | Dynamic Database Credentials | 45 min | Intermediate |
| 04 | Automated Password Rotation | 45 min | Intermediate |
| 05 | Audit and Compliance | 30 min | Intermediate |
| 06 | Delinea Secret Server Basics | 30 min | Beginner |
| 07 | Cross-Platform Migration | 45 min | Advanced |
| 08 | Unified PAM Operations | 30 min | Advanced |

---

## Platform Comparison

| Feature | CyberArk | Delinea | Vault | AWS SM |
|:--------|:--------:|:-------:|:-----:|:------:|
| Password Vaulting | 5/5 | 4/5 | 4/5 | 3/5 |
| Session Recording | 5/5 | 3/5 | 1/5 | 1/5 |
| Account Discovery | 5/5 | 4/5 | 2/5 | 1/5 |
| Dynamic Secrets | 3/5 | 2/5 | 5/5 | 2/5 |
| API Automation | 5/5 | 3/5 | 5/5 | 5/5 |
| Cloud Deployment | 3/5 | 4/5 | 5/5 | 5/5 |
| Open Source | No | No | Yes | No |
| Cost | $$$$$ | $$$ | $ | $$ |

### My Recommendations

| Scenario | Platform | Reason |
|:---------|:--------:|:-------|
| Large enterprise, strict compliance | CyberArk | Most comprehensive, industry standard |
| Mid-market, faster deployment | Delinea | Good balance of features and complexity |
| DevOps, cloud-native | HashiCorp Vault | Dynamic secrets, API-first design |
| AWS-native workloads | AWS Secrets Manager | Native integration, no additional tools |
| Hybrid architecture | Vault + Delinea | Best of both worlds |

---

## Quick Start

### Prerequisites

Python 3.10+ | Node.js 20+ | Docker & Docker Compose | 8GB RAM

### Installation

```bash
# Clone repository
git clone https://github.com/MikeDominic92/Pam-MultiVendor-Lab.git
cd Pam-MultiVendor-Lab

# Set up Python environment
python -m venv venv
source venv/bin/activate # Windows: venv\Scripts\activate
pip install -r scripts/requirements.txt

# Configure environment
cp .env.example .env

# Start Vault (Docker)
cd vault
docker-compose up -d
./scripts/init-vault.sh
```

### Run Frontend Dashboard

```bash
# Navigate to frontend
cd frontend

# Install dependencies
npm install

# Start development server
npm run dev

# Visit http://localhost:3000
```

### Run CLI Demos (No Credentials Required)

```bash
# Delinea client demo
python scripts/delinea_client.py --mock demo

# Unified PAM client demo
python scripts/unified_pam_client.py demo

# Migration demo
python scripts/delinea_to_vault.py demo
```

---

## Project Structure

```
Pam-MultiVendor-Lab/
|-- frontend/                     # Next.js 16 Dashboard
|   |-- src/
|   |   |-- app/                  # App router pages
|   |   |   |-- page.tsx          # Security Dashboard
|   |   |   |-- secrets/          # Secrets Browser
|   |   |   |-- credentials/      # Dynamic Credentials
|   |   |   |-- pki/              # PKI Authority
|   |   |   |-- audit/            # Audit & Policies
|   |   |   `-- globals.css       # Design system
|   |   |-- components/
|   |   |   |-- layout/           # VaultShell, Sidebar, Header
|   |   |   |-- dashboard/        # VaultDoor visualization
|   |   |   |-- ui/               # GlassButton, NeonBadge, Toast, etc.
|   |   |   `-- providers/        # ClientProviders (Toast)
|   |   `-- lib/
|   |       |-- utils.ts          # Utility functions
|   |       `-- hooks/            # useReducedMotion, etc.
|-- scripts/
|   |-- delinea_client.py         # Delinea Secret Server Python client
|   |-- unified_pam_client.py     # Cross-platform PAM abstraction
|   |-- vault_client.py           # HashiCorp Vault operations
|   |-- vault_to_delinea.py       # Migration: Vault -> Delinea
|   |-- delinea_to_vault.py       # Migration: Delinea -> Vault
|   |-- config.py                 # Unified configuration
|   `-- aws/                      # AWS Secrets Manager integration
|-- vault/
|   |-- config/                   # Vault configuration files
|   |-- policies/                 # ACL policies
|   `-- scripts/                  # Initialization scripts
|-- delinea/
|   |-- api-examples/             # Python API examples
|   |-- powershell/               # PowerShell scripts
|   `-- templates/                # Secret template definitions
|-- labs/                         # 8 hands-on exercises
|-- docs/                         # Documentation
|-- assets/                       # Screenshots and diagrams
`-- monitoring/                   # Prometheus & Grafana
```

---

## Certifications Aligned

This lab supports preparation for:

| Certification | Alignment |
|:-------------:|:----------|
| **CyberArk PAM-DEF** | Vault concepts map to CyberArk components |
| **Delinea Security Academy** | Direct Delinea Secret Server experience |
| **HashiCorp Vault Associate** | Full Vault operations coverage |
| **HashiCorp Vault Operations Professional** | Advanced patterns and automation |
| **AWS Security Specialty** | Secrets Manager integration |

---

## Built With



| Category | Technologies |
|:--------:|:-------------|
| **PAM Platforms** | HashiCorp Vault 1.15+, Delinea Secret Server, AWS Secrets Manager |
| **Frontend** | Next.js 16, React 19, TailwindCSS v4, Framer Motion v12, Recharts |
| **Languages** | Python 3.10+, TypeScript, PowerShell, Bash |
| **Libraries** | hvac, python-tss-sdk, boto3, click, rich, pydantic |
| **Infrastructure** | Docker Compose, Prometheus, Grafana |
| **Databases** | PostgreSQL, MySQL (for dynamic secrets) |

---

## Author

**Dominic M. Hoang**

GitHub: [@MikeDominic92](https://github.com/MikeDominic92)

---

## Related Projects

| Project | Description |
|:-------:|:-----------:|
| [VendorAuditAI](https://github.com/MikeDominic92/VendorAuditAI) | AI-powered third-party risk management platform |
| [ai-access-sentinel](https://github.com/MikeDominic92/ai-access-sentinel) | ITDR platform with ML-powered anomaly detection |
| [entra-id-governance](https://github.com/MikeDominic92/entra-id-governance) | Microsoft Entra ID governance toolkit |
| [keyless-kingdom](https://github.com/MikeDominic92/keyless-kingdom) | Multi-cloud workload identity federation |
| [okta-sso-hub](https://github.com/MikeDominic92/okta-sso-hub) | Enterprise SSO with SAML, OIDC, SCIM |

---




Enterprise PAM expertise across CyberArk, Delinea, Thycotic, and HashiCorp ecosystems.


Featuring a modern cybersecurity dashboard with dark glassmorphism design.






MIT License - Copyright 2026 Dominic M. Hoang