CyberArk Safe Search & Permission Granting

RobertSafeFactory.ps1

Import-Module psPAS

### VARIABLES

# Base URI to PVWA as validated on the certificate
$baseURI = "https://cyberark.joegarcia.dev"
# API Automation Username
$userName = "Svc_RESTAPI"

### LOGIN
try {
    New-PASSession -Credential $apiCredentials -BaseURI $baseURI -Type CyberArk -ErrorAction Stop

    Write-Host "Securely logged into CyberArk Web Services"
} catch {
    Write-Host "[ ERROR ] Could not login to CyberArk Web Services" -ForegroundColor Red
    Exit
}

### SEARCH FOR SAFE
try {
    $safesFound = Find-PASSafe -search "P-WND-DOM" -ErrorAction Stop

    Write-Host "Found " + $safesFound.Length + " safes."
} catch {
    Write-Host "[ ERROR ] Could not find any safes." -ForegroundColor Red
}

foreach ($safeName in $safesFound.SafeName) {
    ### SEARCH FOR API AUTOMATION USER ON SAFE
    try {
        Get-PASSafeMember -member $userName -Safe $safeName -ErrorAction Stop 
    } catch {
        try {
            Add-PASSafeMember -SafeName $safeName -MemberName $userName -SearchIn "Vault" -ListAccounts $true `
                -AddAccounts $true -UpdateAccountContent $true -UpdateAccountProperties $true -InitiateCPMAccountManagementOperations $true `
                -ManageSafeMembers $true -ViewAuditLog $true -ViewSafeMembers $true `
                -AccessWithoutConfirmation $true -ErrorAction Stop
        
            Write-Host "Added the API Automation User to ${safeName}."
        } catch {
            Write-Host "[ ERROR ] Could not add API Automation User member to safe" -ForegroundColor Red
            Exit
        }
    }
}

### LOGOUT
try {
    Close-PASSession -ErrorAction Stop

    Write-Host "Logged off CyberArk Web Services"
} catch {
    Write-Host "[ ERROR ] Could not logoff CyberArk Web Services - auto-logoff will occur in 20 minutes" -ForegroundColor Red
    Exit
}

Write-Host "Script complete!" -ForegroundColor Green