Last active
June 14, 2022 13:10
-
-
Save peetrike/f5eb4150853d056fb0d0c679876d9d97 to your computer and use it in GitHub Desktop.
SecretServer - sample scripts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Requires -Version 5.1 | |
| #Requires -Modules Thycotic.SecretServer | |
| [CmdletBinding( | |
| SupportsShouldProcess | |
| )] | |
| param ( | |
| [parameter( | |
| Mandatory, | |
| ParameterSetName = 'FolderName' | |
| )] | |
| [Alias('SecretServerFolder')] | |
| [string] | |
| $TssFolderName, | |
| [parameter( | |
| Mandatory, | |
| ParameterSetName = 'FolderId' | |
| )] | |
| [int] | |
| $TssFolderId, | |
| [string] | |
| # name of field to add to Secret name | |
| $TssFieldName = 'Notes', | |
| [string] | |
| # Secret Server name | |
| $TssServer = 'kapp.estpak.ee' | |
| ) | |
| Write-Verbose -Message ('Connecting to server {0}' -f $TssServer) | |
| $ServerUri = 'https://{0}/SecretServer' -f $TssServer | |
| $Session = New-TssSession -SecretServer $ServerUri -UseWindowsAuth | |
| $folderProps = @{ | |
| TssSession = $session | |
| ErrorAction = 'Stop' | |
| } | |
| switch ($PSCmdlet.ParameterSetName) { | |
| 'FolderName' { | |
| $folderProps.FolderPath = $TssFolderName | |
| } | |
| 'FolderId' { | |
| $folderProps.FolderId = $TssFolderId | |
| } | |
| } | |
| $TargetFolder = Get-TssFolder @folderProps | |
| Search-TssSecret -TssSession $Session -FolderId $TargetFolder.FolderId -IncludeSubFolders | | |
| ForEach-Object { | |
| $CurrentSecret = $_ | |
| Write-Verbose -Message ('Updating secret {0}: {1}' -f $CurrentSecret.Id, $CurrentSecret.Name) | |
| $OldName = if ($CurrentSecret.Name -match '^(.*) \(.*\)$') { | |
| $Matches.1 | |
| } else { | |
| $CurrentSecret.Name | |
| } | |
| $NamePart = ( | |
| Get-TssSecretField -TssSession $session -Id $CurrentSecret.Id -FieldName $TssFieldName | |
| ).Trim('"') | |
| $NewName = '{0} ({1})' -f $OldName, $NamePart | |
| if ($PSCmdlet.ShouldProcess($newname, 'Update secret name')) { | |
| try { | |
| Set-TssSecret -TssSession $Session -Id $CurrentSecret.Id -SecretName $NewName | |
| } catch { | |
| $Session = New-TssSession -SecretServer $ServerUri -UseWindowsAuth | |
| Set-TssSecret -TssSession $Session -Id $CurrentSecret.Id -SecretName $NewName | |
| } | |
| } | |
| } | | |
| Export-Csv -UseCulture -NoTypeInformation -Encoding utf8BOM -Path baasid.csv -Confirm:$false -WhatIf:$false |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Requires -Version 5.1 | |
| #Requires -Modules Thycotic.SecretServer | |
| #Requires -Modules VMware.VimAutomation.Core | |
| [CmdletBinding()] | |
| param ( | |
| [Parameter( | |
| Mandatory, | |
| ValueFromPipeline | |
| )] | |
| [string[]] | |
| # list of computer names (or IPs) to check | |
| $ComputerName, | |
| [parameter( | |
| Mandatory, | |
| ParameterSetName = 'FolderName' | |
| )] | |
| [Alias('SecretServerFolder')] | |
| [string] | |
| $TssFolderName, | |
| [parameter( | |
| Mandatory, | |
| ParameterSetName = 'FolderId' | |
| )] | |
| [int] | |
| $TssFolderId, | |
| [string] | |
| # name of field to search computername from | |
| $TssFieldName = 'notes', | |
| [string] | |
| # Secret Server name | |
| $TssServer = 'kapp.estpak.ee' | |
| ) | |
| begin { | |
| Write-Verbose -Message ('Connecting to server {0}' -f $TssServer) | |
| $ServerUri = 'https://{0}/SecretServer' -f $TssServer | |
| $Session = New-TssSession -SecretServer $ServerUri -UseWindowsAuth | |
| $folderProps = @{ | |
| TssSession = $session | |
| ErrorAction = 'Stop' | |
| } | |
| switch ($PSCmdlet.ParameterSetName) { | |
| 'FolderName' { | |
| $folderProps.FolderPath = $TssFolderName | |
| } | |
| 'FolderId' { | |
| $folderProps.FolderId = $TssFolderId | |
| } | |
| } | |
| $TargetFolder = Get-TssFolder @folderProps | |
| $SearchProps = @{ | |
| FolderId = $TargetFolder.Id | |
| IncludeSubFolders = $true | |
| TssSession = $Session | |
| } | |
| $SecretList = foreach ($result in Search-TssSecret @SearchProps) { | |
| $HostName = Get-TssSecretField -Slug $TssFieldName -TssSession $Session -SecretId $result.Id | |
| [PSCustomObject] @{ | |
| SecretId = $result.Id | |
| SecretName = $result.SecretName | |
| ComputerName = $HostName.Trim('"') | |
| } | |
| } | |
| } | |
| process { | |
| foreach ($computer in $ComputerName) { | |
| if ($Secret = $SecretList | Where-Object ComputerName -eq $computer) { | |
| foreach ($s in $Secret) { | |
| Write-Verbose -Message ('Checking secret {0}: {1}' -f $s.SecretId, $s.SecretName) | |
| $CurrentSecret = Get-TssSecret -TssSession $Session -Id $s.SecretId | |
| $credential = $CurrentSecret.GetCredential('domain', 'username', 'password') | |
| $OutputProps = @{ | |
| SecretId = $s.SecretId | |
| SecretName = $s.SecretName | |
| ComputerName = $s.ComputerName | |
| } | |
| try { | |
| $null = Connect-VIServer -Server $s.ComputerName -Credential $Credential -ErrorAction Stop | |
| $Message = 'SUCCESS: Connected to {0}' -f $s.ComputerName | |
| Write-Verbose -Message $Message | |
| $OutputProps.Status = $true | |
| $OutputProps.Message = $Message | |
| } catch { | |
| $Message = 'Logon failed on {0}' -f $s.ComputerName | |
| Write-Warning -Message $Message | |
| $OutputProps.Status = $false | |
| $OutputProps.Message = $Message | |
| } | |
| [PSCustomObject] $OutputProps | |
| } | |
| } else { | |
| $Message = 'Secret not found for computer: {0}' -f $computer | |
| Write-Verbose -Message $Message | |
| [PSCustomObject] @{ | |
| SecretId = $null | |
| SecretName = $null | |
| ComputerName = $computer | |
| Status = $false | |
| Message = $Message | |
| } | |
| } | |
| } | |
| } | |
| end { | |
| Write-Verbose -Message ('Disconnecting from all servers') | |
| Disconnect-ViServer -Server * -Confirm:$false | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
call:
Set-SecretName.ps1 -TssFolderId 3974