- {"Name":"Dynamic Folder Export","Objects":[{"Type":"DynamicFolder","Name":"Thycotic Secret Server (PowerShell)","Description":"Dynamic Folder Sample for Secret Server","Notes":"<h2><strong>Dynamic Folder sample for Secret Server</strong></h2>\n\n<p><strong>Version</strong>: 1.0<br />\n<strong>Author</strong>: Royal Applications</p>\n\n<p>This Dynamic Folder sample for Thycotic Secret Server supports Dynamic Credentials and Multi-Factor-Authentication (MFA).</p>\n\n<h3><strong>Setup</strong></h3>\n\n<ul>\n\t<li>Enter your \"Server URL\" in the \"Custom Properties\" section.</li>\n\t<li>Enter or assign your Secret Server credentials.</li>\n\t<li>If MFA is required by your server/user, enable it by setting \"<span style=\"font-family:courier new,courier,monospace;\">-requiresMFA</span>\" to \"<span style=\"font-family:courier new,courier,monospace;\">$true</span>\" instead of \"<span style=\"font-family:courier new,courier,monospace;\">$false</span>\" in the last line of both scripts.</li>\n</ul>\n\n<h3><strong>Security and limitations</strong></h3>\n\n<ul>\n\t<li>Both scripts call <span style=\"font-family:courier new,courier,monospace;\">Invoke-WebRequest</span> with <span style=\"font-family:courier new,courier,monospace;\">-SkipCertificateCheck</span>, which disables TLS certificate validation for every request to Secret Server (token, folders, secrets). Your Secret Server password and the retrieved secret values travel over these connections, so remove that switch as soon as your server presents a certificate the client trusts; keep it only for lab or self-signed test setups.</li>\n\t<li>Authentication uses the OAuth2 password grant with the credentials assigned to this Dynamic Folder. Prefer a dedicated Secret Server account with least-privilege access to only the folders this Dynamic Folder needs.</li>\n\t<li>The folder and secret listings request at most 1000 records each (<span style=\"font-family:courier new,courier,monospace;\">paging.take = 1000</span>) and do not follow further pages; larger vaults will appear truncated unless paging is added.</li>\n</ul>\n","CustomProperties":[{"Name":"Server URL","Type":"URL","Value":"TODO"}],"ScriptInterpreter":"powershell","DynamicCredentialScriptInterpreter":"powershell","DynamicCredentialScript":"$ErrorActionPreference = \"Stop\"\n\nfunction Is-MacOS() {\n [String]$os = $PSVersionTable.OS\n\n return $os.StartsWith(\"darwin\", [System.StringComparison]::CurrentCultureIgnoreCase)\n}\n\nfunction Run-Native([String] $command, [Array] $commandArgs) {\n $env:commandlineargumentstring=($commandArgs | %{'\"'+ ($_ -replace '(\\\\*)\"','$1$1\\\"' -replace '(\\\\*)$','$1$1') + '\"'}) -join ' ';\n return & $command --% %commandlineargumentstring%\n}\n\nfunction Show-Prompt-Mac([String] $prompt, [String] $defaultValue) {\n $command = \"/usr/bin/osascript\"\n $script = \"set resp to text returned of (display dialog \"\"$prompt\"\" default answer \"\"$defaultValue\"\" buttons {\"\"Cancel\"\", \"\"OK\"\"} default button \"\"OK\"\")\"\n $commandArgs = @( \"-e\", $script )\n\n $ret = Run-Native -command $command 
-commandArgs @( \"-e\", $script )\n\n return $ret\n}\n\nfunction Show-Prompt-Windows([String] $prompt, [String] $defaultValue) {\n [System.Reflection.Assembly]::LoadWithPartialName('Microsoft.VisualBasic') | Out-Null\n $ret = [Microsoft.VisualBasic.Interaction]::InputBox($prompt, \"\", $defaultValue)\n\n return $ret\n}\n\nfunction Show-Prompt([String] $prompt, [String] $defaultValue) {\n if (Is-MacOS) {\n return Show-Prompt-Mac -prompt $prompt -defaultValue $defaultValue\n } else {\n return Show-Prompt-Windows -prompt $prompt -defaultValue $defaultValue\n }\n}\n\nfunction Convert-Notes-To-HTML ($notes) {\n $notes -Replace \"\\r\\n\", \"<br />\" -Replace \"\\r\", \"<br />\" -Replace \"\\n\", \"<br />\"\n}\n\n$SLUGS_USERNAME = ( \"username\", \"licensed-to\" );\n$SLUGS_DOMAIN = ( \"domain\" );\n$SLUGS_PASSWORD = ( \"password\", \"pin-code\", \"combination\", \"license-key\", \"pin\" );\n$SLUGS_PASSPHRASE = ( \"private-key-passphrase\", \"passphrase\" );\n\nfunction Create-Credential ($restricted) {\n $restrictedItems = $restricted.items\n\n $credentialUsername = \"\"\n $credentialPassword = \"\"\n $credentialPassphrase = \"\"\n \n ForEach ($restrictedItem in $restrictedItems) {\n $restrictedItemValue = $restrictedItem.itemValue\n\n if (!$restrictedItemValue) {\n continue\n }\n\n $slug = $restrictedItem.slug\n \n if ($SLUGS_USERNAME.Contains($slug)) {\n $credentialUsername = $restrictedItemValue\n } elseif ($SLUGS_DOMAIN.Contains($slug)) {\n $credentialDomain = $restrictedItemValue\n } elseif ($SLUGS_PASSWORD.Contains($slug)) {\n $credentialPassword = $restrictedItemValue\n } elseif ($SLUGS_PASSPHRASE.Contains($slug)) {\n $credentialPassphrase = $restrictedItemValue\n }\n }\n\n if ($credentialDomain -and $credentialUsername) {\n $credentialUsername = \"$credentialDomain\\$credentialUsername\"\n }\n \n $credential = New-Object pscustomobject -Property @{\n \"Username\" = $credentialUsername;\n \"Password\" = $credentialPassword;\n \"Passphrase\" = 
$credentialPassphrase;\n }\n\n return $credential\n}\n\nfunction Get-Credential($url, $username, $password, $requiresMFA, $secretID) {\n $api = \"$url/api/v1\"\n $tokenRoute = \"$url/oauth2/token\";\n\n $tokenParams = @{\n grant_type = \"password\";\n username = $username;\n password = $password;\n }\n\n $headers = $null\n\n If ($requiresMFA) {\n $headers = @{\n \"OTP\" = Show-Prompt -prompt \"Enter your OTP for MFA:\"\n }\n }\n\n $tokenJSON = Invoke-WebRequest -SkipCertificateCheck -Uri $tokenRoute -Method POST -Body $tokenParams -Headers $headers\n $token = (ConvertFrom-Json $tokenJSON.Content).access_token\n\n $headers = @{\n \"Authorization\" = \"Bearer $token\"\n }\n\n $restrictedJSON = Invoke-WebRequest -SkipCertificateCheck -Uri \"$api/secrets/$secretID/restricted\" -Headers $headers -Method POST\n $restricted = (ConvertFrom-Json $restrictedJSON.Content)\n\n $credential = Create-Credential -restricted $restricted\n\n $credentialJSON = (ConvertTo-Json -InputObject $credential -Depth 100)\n \n $credentialJSON\n}\n\nGet-Credential -url \"$CustomProperty.ServerURL$\" -username \"$EffectiveUsername$\" -password \"$EffectivePassword$\" -secretID \"$DynamicCredential.EffectiveID$\" -requiresMFA $false","Script":"$ErrorActionPreference = \"Stop\"\n\nfunction Is-MacOS() {\n [String]$os = $PSVersionTable.OS\n\n return $os.StartsWith(\"darwin\", [System.StringComparison]::CurrentCultureIgnoreCase)\n}\n\nfunction Run-Native([String] $command, [Array] $commandArgs) {\n $env:commandlineargumentstring=($commandArgs | %{'\"'+ ($_ -replace '(\\\\*)\"','$1$1\\\"' -replace '(\\\\*)$','$1$1') + '\"'}) -join ' ';\n return & $command --% %commandlineargumentstring%\n}\n\nfunction Show-Prompt-Mac([String] $prompt, [String] $defaultValue) {\n $command = \"/usr/bin/osascript\"\n $script = \"set resp to text returned of (display dialog \"\"$prompt\"\" default answer \"\"$defaultValue\"\" buttons {\"\"Cancel\"\", \"\"OK\"\"} default button \"\"OK\"\")\"\n $commandArgs = @( \"-e\", 
$script )\n\n $ret = Run-Native -command $command -commandArgs @( \"-e\", $script )\n\n return $ret\n}\n\nfunction Show-Prompt-Windows([String] $prompt, [String] $defaultValue) {\n [System.Reflection.Assembly]::LoadWithPartialName('Microsoft.VisualBasic') | Out-Null\n $ret = [Microsoft.VisualBasic.Interaction]::InputBox($prompt, \"\", $defaultValue)\n\n return $ret\n}\n\nfunction Show-Prompt([String] $prompt, [String] $defaultValue) {\n if (Is-MacOS) {\n return Show-Prompt-Mac -prompt $prompt -defaultValue $defaultValue\n } else {\n return Show-Prompt-Windows -prompt $prompt -defaultValue $defaultValue\n }\n}\n\nfunction Convert-Notes-To-HTML ($notes) {\n $notes -Replace \"\\r\\n\", \"<br />\" -Replace \"\\r\", \"<br />\" -Replace \"\\n\", \"<br />\"\n}\n\nfunction Create-Credential ($apiURL, $secret, $folderDict) {\n $credentialID = $secret.id\n $credentialName = $secret.name\n\n $folderPath = \"\"\n \n if ($secret.folderId -and $folderDict.ContainsKey($secret.folderId)) {\n $folderPath = $folderDict[$secret.folderId]\n }\n \n $credential = New-Object pscustomobject -Property @{\n \"Type\" = \"DynamicCredential\";\n \"ID\" = $credentialID;\n \"Name\" = $credentialName;\n \"Path\" = $folderPath;\n }\n\n return $credential\n}\n\nfunction Get-Entries($url, $username, $password, $requiresMFA) {\n $api = \"$url/api/v1\"\n $tokenRoute = \"$url/oauth2/token\";\n\n $tokenParams = @{\n grant_type = \"password\";\n username = $username;\n password = $password;\n }\n\n $headers = $null\n\n If ($requiresMFA) {\n $headers = @{\n \"OTP\" = Show-Prompt -prompt \"Enter your OTP for MFA:\"\n }\n }\n\n $tokenJSON = Invoke-WebRequest -SkipCertificateCheck -Uri $tokenRoute -Method POST -Body $tokenParams -Headers $headers\n $token = (ConvertFrom-Json $tokenJSON.Content).access_token\n\n $headers = @{\n \"Authorization\" = \"Bearer $token\"\n }\n\n $foldersRequestBody = @{\n \"paging.take\" = 1000;\n }\n\n $foldersJSON = Invoke-WebRequest -SkipCertificateCheck -Uri \"$api/folders\" 
-Headers $headers -Body $foldersRequestBody\n $folders = (ConvertFrom-Json $foldersJSON.Content)\n\n $folderDict = @{}\n\n ForEach ($folder in $folders.records) {\n $folderDict.Add($folder.id, $folder.folderPath)\n }\n\n $secretsRequestBody = @{\n \"paging.take\" = 1000;\n }\n\n $secretsJSON = Invoke-WebRequest -SkipCertificateCheck -Uri \"$api/secrets\" -Headers $headers -Body $secretsRequestBody\n $secrets = (ConvertFrom-Json $secretsJSON.Content)\n\n $storeObjects = @()\n\n ForEach ($secret in $secrets.records) {\n $credential = Create-Credential -apiURL $api -secret $secret -folderDict $folderDict\n \n $storeObjects += $credential\n }\n\n $store = New-Object pscustomobject -Property @{\n \"Objects\" = $storeObjects;\n }\n\n $storeJSON = (ConvertTo-Json -InputObject $store -Depth 100)\n \n $storeJSON\n}\n\nGet-Entries -url \"$CustomProperty.ServerURL$\" -username \"$EffectiveUsername$\" -password \"$EffectivePassword$\" -requiresMFA $false"}]}