Protecting against unapproved changes to Adaptable Log Channel scripts

Venafi's Adaptable drivers—such as Adaptable CA, Adaptable Application, Adaptable Bulk Provisioning, and Adaptable Log Channel—rely on PowerShell scripts stored in the \Venafi\Scripts\AdaptableDriverName directory on Trust Protection Platform servers. To ensure the integrity of these scripts, Trust Protection Platform supports signed scripts.

Because other people might have access to the server that is running Trust Protection Platform, they could modify your PowerShell scripts without your knowledge, either accidentally or intentionally. However, with signed scripts, any modifications made to the script will result in a failed signature validation, and the script will not be executed.

To protect against unapproved changes to your scripts, Trust Protection Platform monitors PowerShell script files that are being used by existing Adaptable objects. If a new script is used or a PowerShell script is modified on the file system, Trust Protection Platform displays a warning and you'll need to re-validate the script.

This security feature helps to prevent potentially harmful modifications to your scripts from being run.
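To spot the same kinds of change from outside the product, the added example below records each Adaptable script's SHA-256 hash and Authenticode signature state, then compares later runs against that record. It is not Venafi's code or its validation mechanism. The script root (a placeholder for your installation path) and the baseline CSV file name are assumptions.

```powershell
# Added example: audit Adaptable driver scripts for new files, content changes,
# and signatures that no longer validate. Not part of Trust Protection Platform.
param(
    [string]$ScriptRoot   = 'C:\<install-path>\Venafi\Scripts',  # placeholder, set for your server
    [string]$BaselinePath = '.\adaptable-script-baseline.csv'     # hypothetical baseline file
)

# Collect hash and signature state for every PowerShell script under the root.
$current = Get-ChildItem -Path $ScriptRoot -Filter *.ps1 -Recurse -File | ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_.FullName
    [pscustomobject]@{
        Path      = $_.FullName
        Sha256    = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        SigStatus = $sig.Status.ToString()   # e.g. Valid, NotSigned, HashMismatch
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { '' }
    }
}

if (-not (Test-Path -Path $BaselinePath)) {
    # First run: store the reviewed, approved state and stop.
    $current | Export-Csv -Path $BaselinePath -NoTypeInformation
    Write-Output "Baseline written to $BaselinePath"
    return
}

# Index the approved state by path for lookup.
$baseline = @{}
Import-Csv -Path $BaselinePath | ForEach-Object { $baseline[$_.Path] = $_ }

$findings = foreach ($item in $current) {
    $known  = $baseline[$item.Path]
    $reason = $null
    if (-not $known) {
        $reason = 'New script'
    } elseif ($known.Sha256 -ne $item.Sha256) {
        $reason = "Content changed (signature status: $($item.SigStatus))"
    } elseif ($known.Signer -ne $item.Signer) {
        $reason = 'Signer certificate changed'
    } elseif ($known.SigStatus -eq 'Valid' -and $item.SigStatus -ne 'Valid') {
        $reason = "Signature no longer valid ($($item.SigStatus))"
    }
    if ($reason) { [pscustomobject]@{ Path = $item.Path; Reason = $reason } }
}

if ($findings) { $findings | Format-Table -AutoSize; exit 1 }
Write-Output 'No unapproved changes detected.'
```

Keep the baseline file somewhere the accounts that can edit the scripts cannot write to, and regenerate it only after an approved script change.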

IMPORTANT  Because of this security feature, following an upgrade to Trust Protection Platform, you must take specific steps on all existing Adaptable objects in order for them to be re-enabled. Refer to the documentation for each Adaptable driver for details.

To use VCC to re-enable an Adaptable Log Channel driver after a script change

  1. From Venafi Configuration Console (VCC), navigate to the ToolsLogging > Channels node.

  2. Locate the adaptable log channel whose script was modified.

  3. In the Actions panel, click Properties.

  4. Click Save.
