Hey all - looking for some advice. I need to write either a plugin or a module to interact with Thycotic Secret Server. In most cases, my code will simply retrieve a credential from Thycotic, so a lookup plugin makes perfect sense. However, there are cases where a specific credential doesn’t yet exist in Thycotic, so my code will tell Thycotic to generate a credential, store it in Thycotic, and then return it. The rub here is then we have a side effect; if a credential doesn’t exist, it gets created, stored, and returned. Generally speaking, I tend to view lookup plugins as being read only, so the idea that a lookup plugin would WRITE data is counterintuitive (to me). However, I see the passwordstore plugin also has side effects, so perhaps this isn’t so bad. But I could also write a module (delegated to the control machine) to accomplish the functionality I need, and modules certainly can have side effects. Any opinions from the Core community on which way I should lean? Are lookup plugin side effects really that bad, or am I overreacting?
Appreciate your thoughts. Thanks.
Rob