Yes, secure action parameters remain limiting. Overcoming these limitations is something that hopefully HCL takes seriously as it would be helpful to many folks.
My organization uses an OpenSSL-based approach that is a superset of the original Local User Management functionality offered in Bigfix Labs. While it isn’t officially supported and does that some legwork to get set up. It pays off by offering these benefits.
- Encrypt once to thousands of machines versus needing to spend root server cycles encrypting the same thing 1000s of times over uniquely for each client (in the client mailbox approach).
- Anything supported by OpenSSL encryption is fair game, not just limited to passwords. Keys, passphrases, files, licenses, etc.
- Target groups, not limited to specific individual machines.
- Target machines that are not yet created via dynamic groups and policy actions (very helpful in automated build scenarios).
HCL, are you listening? It would be HUGE to offer functionality like this natively within Bigfix. It is a common need across platforms and industries.
Discussion on this from a while back that still applies today is here.
This thread discusses some of the mechanics behind the approach.