{"Name":"Dynamic Folder Export","Objects":[{"Type":"DynamicFolder","Name":"Thycotic Secret Server (PowerShell)","Description":"Dynamic Folder Sample for Secret Server","Notes":"<h2><strong>Dynamic Folder sample for Secret Server</strong></h2>\n\n<p><strong>Version</strong>: 1.0<br />\n<strong>Author</strong>: Royal Applications</p>\n\n<p>This Dynamic Folder sample for Thycotic Secret Server supports Dynamic Credentials and Multi-Factor-Authentication (MFA).</p>\n\n<h3><strong>Setup</strong></h3>\n\n<ul>\n\t<li>Enter your &quot;Server URL&quot; in the &quot;Custom Properties&quot; section.</li>\n\t<li>Enter or assign your Secret Server&nbsp;credentials.</li>\n\t<li>If MFA is required by your server/user, enable it by setting &quot;<span style=\"font-family:courier new,courier,monospace;\">-requiresMFA</span>&quot; to &quot;<span style=\"font-family:courier new,courier,monospace;\">$true</span>&quot; instead of &quot;<span style=\"font-family:courier new,courier,monospace;\">$false</span>&quot; in the&nbsp;last line of both scripts.</li>\n</ul>\n\n<h3><strong>Security note</strong></h3>\n\n<p>Every <span style=\"font-family:courier new,courier,monospace;\">Invoke-WebRequest</span> call in both scripts passes <span style=\"font-family:courier new,courier,monospace;\">-SkipCertificateCheck</span>, which disables TLS certificate validation. The token request posts your Secret Server username and password (OAuth2 password grant, plus the OTP header when MFA is enabled), and the later requests return folder listings and the secret contents themselves, so with validation off these can be intercepted by anyone who can place themselves between you and the server. Use an HTTPS &quot;Server URL&quot; backed by a certificate your machine trusts and remove <span style=\"font-family:courier new,courier,monospace;\">-SkipCertificateCheck</span> from every call; keep the switch only for a lab server, never for production.</p>\n","CustomProperties":[{"Name":"Server URL","Type":"URL","Value":"TODO"}],"ScriptInterpreter":"powershell","DynamicCredentialScriptInterpreter":"powershell","DynamicCredentialScript":"$ErrorActionPreference = \"Stop\"\n\nfunction Is-MacOS() {\n    [String]$os = $PSVersionTable.OS\n\n    return $os.StartsWith(\"darwin\", [System.StringComparison]::CurrentCultureIgnoreCase)\n}\n\nfunction Run-Native([String] $command, [Array] $commandArgs) {\n    $env:commandlineargumentstring=($commandArgs | %{'\"'+ ($_ -replace '(\\\\*)\"','$1$1\\\"' -replace '(\\\\*)$','$1$1') + '\"'}) -join ' ';\n    return & $command --% %commandlineargumentstring%\n}\n\nfunction Show-Prompt-Mac([String] $prompt, [String] $defaultValue) {\n    $command = \"/usr/bin/osascript\"\n    $script = \"set resp to text returned of (display dialog \"\"$prompt\"\" default answer \"\"$defaultValue\"\" buttons {\"\"Cancel\"\", \"\"OK\"\"} default button 
\"\"OK\"\")\"\n    $commandArgs = @( \"-e\", $script )\n\n    $ret = Run-Native -command $command -commandArgs @( \"-e\", $script )\n\n    return $ret\n}\n\nfunction Show-Prompt-Windows([String] $prompt, [String] $defaultValue) {\n    [System.Reflection.Assembly]::LoadWithPartialName('Microsoft.VisualBasic') | Out-Null\n    $ret = [Microsoft.VisualBasic.Interaction]::InputBox($prompt, \"\", $defaultValue)\n\n    return $ret\n}\n\nfunction Show-Prompt([String] $prompt, [String] $defaultValue) {\n    if (Is-MacOS) {\n        return Show-Prompt-Mac -prompt $prompt -defaultValue $defaultValue\n    } else {\n        return Show-Prompt-Windows -prompt $prompt -defaultValue $defaultValue\n    }\n}\n\nfunction Convert-Notes-To-HTML ($notes) {\n    $notes -Replace \"\\r\\n\", \"<br />\" -Replace \"\\r\", \"<br />\" -Replace \"\\n\", \"<br />\"\n}\n\n$SLUGS_USERNAME =   ( \"username\", \"licensed-to\" );\n$SLUGS_DOMAIN =     ( \"domain\" );\n$SLUGS_PASSWORD =   ( \"password\", \"pin-code\", \"combination\", \"license-key\", \"pin\" );\n$SLUGS_PASSPHRASE = ( \"private-key-passphrase\", \"passphrase\" );\n\nfunction Create-Credential ($restricted) {\n    $restrictedItems = $restricted.items\n\n    $credentialUsername = \"\"\n    $credentialPassword = \"\"\n    $credentialPassphrase = \"\"\n    \n    ForEach ($restrictedItem in $restrictedItems) {\n        $restrictedItemValue = $restrictedItem.itemValue\n\n        if (!$restrictedItemValue) {\n            continue\n        }\n\n        $slug = $restrictedItem.slug\n        \n        if ($SLUGS_USERNAME.Contains($slug)) {\n            $credentialUsername = $restrictedItemValue\n        } elseif ($SLUGS_DOMAIN.Contains($slug)) {\n            $credentialDomain = $restrictedItemValue\n        } elseif ($SLUGS_PASSWORD.Contains($slug)) {\n            $credentialPassword = $restrictedItemValue\n        } elseif ($SLUGS_PASSPHRASE.Contains($slug)) {\n            $credentialPassphrase = $restrictedItemValue\n        }\n    }\n\n    if 
($credentialDomain -and $credentialUsername) {\n        $credentialUsername = \"$credentialDomain\\$credentialUsername\"\n    }\n    \n    $credential = New-Object pscustomobject -Property @{\n        \"Username\" = $credentialUsername;\n        \"Password\" = $credentialPassword;\n        \"Passphrase\" = $credentialPassphrase;\n    }\n\n    return $credential\n}\n\nfunction Get-Credential($url, $username, $password, $requiresMFA, $secretID) {\n    $api = \"$url/api/v1\"\n    $tokenRoute = \"$url/oauth2/token\";\n\n    $tokenParams = @{\n        grant_type = \"password\";\n        username = $username;\n        password = $password;\n    }\n\n    $headers = $null\n\n    If ($requiresMFA) {\n        $headers = @{\n            \"OTP\" = Show-Prompt -prompt \"Enter your OTP for MFA:\"\n        }\n    }\n\n    $tokenJSON = Invoke-WebRequest -SkipCertificateCheck -Uri $tokenRoute -Method POST -Body $tokenParams -Headers $headers\n    $token = (ConvertFrom-Json $tokenJSON.Content).access_token\n\n    $headers = @{\n        \"Authorization\" = \"Bearer $token\"\n    }\n\n    $restrictedJSON = Invoke-WebRequest -SkipCertificateCheck -Uri \"$api/secrets/$secretID/restricted\" -Headers $headers -Method POST\n    $restricted = (ConvertFrom-Json $restrictedJSON.Content)\n\n    $credential = Create-Credential -restricted $restricted\n\n    $credentialJSON = (ConvertTo-Json -InputObject $credential -Depth 100)\n    \n    $credentialJSON\n}\n\nGet-Credential -url \"$CustomProperty.ServerURL$\" -username \"$EffectiveUsername$\" -password \"$EffectivePassword$\" -secretID \"$DynamicCredential.EffectiveID$\" -requiresMFA $false","Script":"$ErrorActionPreference = \"Stop\"\n\nfunction Is-MacOS() {\n    [String]$os = $PSVersionTable.OS\n\n    return $os.StartsWith(\"darwin\", [System.StringComparison]::CurrentCultureIgnoreCase)\n}\n\nfunction Run-Native([String] $command, [Array] $commandArgs) {\n    $env:commandlineargumentstring=($commandArgs | %{'\"'+ ($_ -replace 
'(\\\\*)\"','$1$1\\\"' -replace '(\\\\*)$','$1$1') + '\"'}) -join ' ';\n    return & $command --% %commandlineargumentstring%\n}\n\nfunction Show-Prompt-Mac([String] $prompt, [String] $defaultValue) {\n    $command = \"/usr/bin/osascript\"\n    $script = \"set resp to text returned of (display dialog \"\"$prompt\"\" default answer \"\"$defaultValue\"\" buttons {\"\"Cancel\"\", \"\"OK\"\"} default button \"\"OK\"\")\"\n    $commandArgs = @( \"-e\", $script )\n\n    $ret = Run-Native -command $command -commandArgs @( \"-e\", $script )\n\n    return $ret\n}\n\nfunction Show-Prompt-Windows([String] $prompt, [String] $defaultValue) {\n    [System.Reflection.Assembly]::LoadWithPartialName('Microsoft.VisualBasic') | Out-Null\n    $ret = [Microsoft.VisualBasic.Interaction]::InputBox($prompt, \"\", $defaultValue)\n\n    return $ret\n}\n\nfunction Show-Prompt([String] $prompt, [String] $defaultValue) {\n    if (Is-MacOS) {\n        return Show-Prompt-Mac -prompt $prompt -defaultValue $defaultValue\n    } else {\n        return Show-Prompt-Windows -prompt $prompt -defaultValue $defaultValue\n    }\n}\n\nfunction Convert-Notes-To-HTML ($notes) {\n    $notes -Replace \"\\r\\n\", \"<br />\" -Replace \"\\r\", \"<br />\" -Replace \"\\n\", \"<br />\"\n}\n\nfunction Create-Credential ($apiURL, $secret, $folderDict) {\n    $credentialID = $secret.id\n    $credentialName = $secret.name\n\n    $folderPath = \"\"\n    \n    if ($secret.folderId -and $folderDict.ContainsKey($secret.folderId)) {\n        $folderPath = $folderDict[$secret.folderId]\n    }\n    \n    $credential = New-Object pscustomobject -Property @{\n        \"Type\" = \"DynamicCredential\";\n        \"ID\" = $credentialID;\n        \"Name\" = $credentialName;\n        \"Path\" = $folderPath;\n    }\n\n    return $credential\n}\n\nfunction Get-Entries($url, $username, $password, $requiresMFA) {\n    $api = \"$url/api/v1\"\n    $tokenRoute = \"$url/oauth2/token\";\n\n    $tokenParams = @{\n        grant_type = 
\"password\";\n        username = $username;\n        password = $password;\n    }\n\n    $headers = $null\n\n    If ($requiresMFA) {\n        $headers = @{\n            \"OTP\" = Show-Prompt -prompt \"Enter your OTP for MFA:\"\n        }\n    }\n\n    $tokenJSON = Invoke-WebRequest -SkipCertificateCheck -Uri $tokenRoute -Method POST -Body $tokenParams -Headers $headers\n    $token = (ConvertFrom-Json $tokenJSON.Content).access_token\n\n    $headers = @{\n        \"Authorization\" = \"Bearer $token\"\n    }\n\n    $foldersRequestBody = @{\n        \"paging.take\" = 1000;\n    }\n\n    $foldersJSON = Invoke-WebRequest -SkipCertificateCheck -Uri \"$api/folders\" -Headers $headers -Body $foldersRequestBody\n    $folders = (ConvertFrom-Json $foldersJSON.Content)\n\n    $folderDict = @{}\n\n    ForEach ($folder in $folders.records) {\n        $folderDict.Add($folder.id, $folder.folderPath)\n    }\n\n    $secretsRequestBody = @{\n        \"paging.take\" = 1000;\n    }\n\n    $secretsJSON = Invoke-WebRequest -SkipCertificateCheck -Uri \"$api/secrets\" -Headers $headers -Body $secretsRequestBody\n    $secrets = (ConvertFrom-Json $secretsJSON.Content)\n\n    $storeObjects = @()\n\n    ForEach ($secret in $secrets.records) {\n        $credential = Create-Credential -apiURL $api -secret $secret -folderDict $folderDict\n        \n        $storeObjects += $credential\n    }\n\n    $store = New-Object pscustomobject -Property @{\n        \"Objects\" = $storeObjects;\n    }\n\n    $storeJSON = (ConvertTo-Json -InputObject $store -Depth 100)\n    \n    $storeJSON\n}\n\nGet-Entries -url \"$CustomProperty.ServerURL$\" -username \"$EffectiveUsername$\" -password \"$EffectivePassword$\" -requiresMFA $false"}]}