Steampipe unbundled →
Steampipe Hub 
Hub
Plugins
turbot/duo
Overview
11Tables
Versions
GitHub
steampipe plugin install duo

Table: duo_token - Query Duo Security Tokens using SQL

Duo Security is a cloud-based trusted access provider protecting the world's fastest-growing and largest companies and thousands of organizations worldwide, including Dresser-Rand, Etsy, Facebook, K-Swiss, Random House, Yelp, Zillow, Paramount Pictures, and more. Duo Security's innovative and easy-to-use technology can be quickly deployed to protect users, data, and applications from breaches, credential theft, and account takeover. Token is a hardware device that generates passcodes for login to Duo-protected services and applications.

Table Usage Guide

The duo_token table provides insights into Duo Security Tokens, which are integral to the two-factor authentication process. As a security engineer, explore token-specific details through this table, including token type, serial number, and associated users. Utilize it to manage and track the usage of tokens within your organization, ensuring appropriate distribution and usage.

Examples

List all tokens

select
  serial,
  token_id,
  type
from
  duo_token
order by
  serial;
select
  serial,
  token_id,
  type
from
  duo_token
order by
  serial;

Tokens and their users

select
  t.serial,
  u ->> 'username' as username
from
  duo_token as t,
  jsonb_array_elements(t.users) as u
order by
  serial,
  username;
select
  t.serial,
  json_extract(u.value, '$.username') as username
from
  duo_token as t,
  json_each(t.users) as u
order by
  t.serial,
  username;

Tokens by platform

select
  type,
  count(*)
from
  duo_token
group by
  type
order by
  type;
select
  type,
  count(*)
from
  duo_token
group by
  type
order by
  type;

Schema for duo_token

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form, e.g. connection_name.
serialtextThe serial number of the hardware token; used to uniquely identify the hardware token when paired with type.
token_idtext=The token's ID.
totp_steptextValue is null for all supported token types.
typetextSpecify a type and serial number to look up a single hardware token. One of: h6 (HOTP-6 hardware token), h8 (HOTP-8 hardware token), yk (YubiKey AES hardware token), d1 (Duo-D100 hardware token).
usersjsonbA list of end users associated with this hardware token.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- duo

You can pass the configuration to the command with the --config argument:

steampipe_export_duo --config '<your_config>' duo_token