functions/Set-TssSecret.ps1

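function Set-TssSecret {
    <#
    .SYNOPSIS
    Set a value for a given secret in Secret Server

    .DESCRIPTION
    Sets a secret property or field in Secret Server.

    With -Property, the current secret is read via Get-TssSecret, the named property is
    changed on that object, and the whole object is sent back with a PUT.
    With -Field, only the field value is sent with a PUT to the secret's field endpoint.

    .PARAMETER TssSession
    TssSession object created by New-TssSession

    .PARAMETER Id
    ID of one or more secrets whose property/field is to be set.

    .PARAMETER Comment
    Comment to provide for restricted secret (Require Comment is enabled)

    .PARAMETER Property
    Property name to set.

    .PARAMETER Field
    Field name to set

    .PARAMETER Value
    Value to set for field or property. Taken as a plain [string] and sent in the request body.

    .PARAMETER Raw
    Output the raw response from the REST API endpoint

    .EXAMPLE
    PS C:\> $session = New-TssSession -SecretServer https://alpha -Credential $ssCred
    PS C:\> Set-TssSecret -TssSession $session -Id 93 -Property Name -Value "Server2 admin account"

    Sets secret 93's property, "Name", to "Server2 admin account"

    .EXAMPLE
    PS C:\> $session = New-TssSession -SecretServer https://alpha -Credential $ssCred
    PS C:\> Set-TssSecret -TssSession $session -Id 93 -Field Machine -Value "server2"

    Sets secret 93's field, "Machine", to "server2"

    .EXAMPLE
    PS C:\> $session = New-TssSession -SecretServer https://alpha -Credential $ssCred
    PS C:\> Set-TssSecret -TssSession $session -Id 1455 -Property enableInheritPermissions -Value $false -Comment "disabling folder inheritance"

    Sets secret 1455's property, "enableInheritPermissions", to false and providing required comment

    .EXAMPLE
    PS C:\> $session = New-TssSession -SecretServer https://alpha -Credential $ssCred
    PS C:\> Set-TssSecret -TssSession $session -Id 1455 -Field Notes -Value "to be decommissioned" -Comment "updating notes field"

    Sets secret 1455's field, "Notes", to the provided value providing required comment

    .NOTES
    Requires TssSession object returned by New-TssSession

    The -WhatIf / -Confirm / -Verbose text names the secret, the HTTP method and the URI only.
    The value being written is left out so that it does not end up in console output or transcripts.
    #>

    [cmdletbinding(SupportsShouldProcess)]
    param(
        # TssSession object passed for auth info
        [Parameter(Mandatory,ValueFromPipeline)]
        [TssSession]$TssSession,

        # Secret Id to modify
        [Parameter(Mandatory,ValueFromPipelineByPropertyName)]
        [Alias("SecretId")]
        [int[]]
        $Id,

        # Provide comment for restricted secret
        [string]
        $Comment,

        # Name of the secret property to change (parameter set "prop")
        [Parameter(ParameterSetName = "prop")]
        [Alias('PropertyName')]
        [string]
        $Property,

        # Name of the secret field to change (parameter set "field")
        [Parameter(ParameterSetName = "field")]
        [Alias('FieldName')]
        [string]
        $Field,

        # New value for the property or field
        [Parameter(ParameterSetName = "prop",Mandatory)]
        [Parameter(ParameterSetName = "field",Mandatory)]
        [string]
        $Value,

        # output the raw response from the API endpoint
        [switch]
        $Raw
    )
    begin {
        $tssParams = . $GetParams $PSBoundParameters 'Set-TssSecret'
        $invokeParams = @{ }
        $getSecretParams = @{ }
    }

    process {
        if ($tssParams.Contains('TssSession') -and $TssSession.IsValidSession()) {
            foreach ($secret in $Id) {
                if ($Property) {
                    # Read the current secret as the raw API object so it can be modified and PUT back whole.
                    $getSecretParams.TssSession = $TssSession
                    $getSecretParams.Id = $secret
                    $getSecretParams.Raw = $true
                    $getSecretParams.Comment = $Comment
                    $getSecretParams.WarningVariable = "warn"
                    $getSecretParams.WarningAction = "Stop"

                    $cSecret = Get-TssSecret @getSecretParams
                    if ($cSecret) {
                        $props = $cSecret.PSObject.Properties

                        if ($props["$Property"]) {
                            $cSecret.$Property = $Value
                        } else {
                            Write-Warning "Property [$Property] not found on secret [$secret]"
                            continue
                        }

                        $uri = $TssSession.SecretServerUrl + ($TssSession.ApiVersion, "secrets", $secret.ToString() -join '/')

                        $invokeParams.Uri = $uri
                        $invokeParams.PersonalAccessToken = $TssSession.AccessToken
                        # NOTE(review): ConvertTo-Json uses its default depth here; confirm the secret
                        # object has no nesting deeper than that default before relying on a round trip.
                        $invokeParams.Body = $cSecret | ConvertTo-Json
                        $invokeParams.Method = 'PUT'

                        # The request body holds the full secret, so it is kept out of the ShouldProcess text.
                        # 'continue' (not 'return') so declining one secret does not skip the remaining Ids.
                        if (-not $PSCmdlet.ShouldProcess("Secret [$secret]", "$($invokeParams.Method) $uri (property [$Property])")) { continue }
                        try {
                            $restResponse = Invoke-TssRestApi @invokeParams -ErrorAction Stop -ErrorVariable err
                        } catch {
                            # NOTE(review): $apiError is not assigned anywhere in this function. Unless an
                            # enclosing scope sets it, only the final branch (throw $err) is taken - confirm.
                            if ($apiError.errorCode) {
                                throw "$($apiError.errorCode): $($apiError.message)"
                            } elseif ($apiError.message) {
                                throw $apiError.message
                            } else {
                                throw $err
                            }
                        }

                        if ($Raw) {
                            $restResponse
                            continue
                        }
                        if ($restResponse) {
                            # Shape the API response into a TssSecret object; -1 ids from the API are mapped to $null.
                            $outSecret = [PSCustomObject]@{
                                PSTypeName                         = 'TssSecret'
                                Id                                 = $restResponse.id
                                Name                               = $restResponse.name
                                SecretTemplateId                   = $restResponse.secretTemplateId
                                SecretTemplateName                 = $restResponse.secretTemplateName
                                FolderId                           = if ($restResponse.folderId -eq -1) { $null } else { $restResponse.folderId }
                                Active                             = $restResponse.active
                                LauncherConnectSecretId            = if ($restResponse.launcherConnectAsSecretId -eq -1) { $null } else { $restResponse.launcherConnectAsSecretId }
                                IsRestricted                       = $restResponse.isRestricted
                                IsOutOfSync                        = $restResponse.isOutOfSync
                                OutOfSyncReason                    = $restResponse.outOfSyncReason
                                AutoChangeEnabled                  = $restResponse.autoChangeEnabled
                                AutoChangeNextPassword             = $restResponse.AutoChangeNextPassword
                                RequiresApprovalForAccess          = $restResponse.requiresApprovalForAccess
                                RequiresComment                    = $restResponse.requiresComment
                                CheckedOut                         = $restResponse.checkedOut
                                CheckoutEnabled                    = $restResponse.checkOutEnabled
                                CheckoutUserId                     = if ($restResponse.checkOutUserId -eq -1) { $null } else { $restResponse.checkOutUserId }
                                CheckoutUserDisplayName            = if ($restResponse.checkOutUserDisplayName -eq -1) { $null } else { $restResponse.checkOutUserDisplayName }
                                CheckoutIntervalMinutes            = if ($restResponse.CheckoutIntervalMinutes -eq -1) { $null } else { $restResponse.checkOutIntervalMinutes }
                                CheckoutChangePassword             = $restResponse.checkOutChangePasswordEnabled
                                AccessRequestWorkflowMapId         = if ($restResponse.accessRequestWorkflowMapId -eq -1) { $null } else { $restResponse.accessRequestWorkflowMapId }
                                ProxyEnabled                       = $restResponse.proxyEnabled
                                SessionRecordingEnabled            = $restResponse.sessionRecordingEnabled
                                RestrictSshCommands                = $restResponse.restrictSshCommands
                                AllowOwnersUnrestrictedSshCommands = $restResponse.allowOwnersUnrestrictedSshCommands
                                IsDoubleLock                       = $restResponse.isDoubleLock
                                DoubleLockId                       = if ($restResponse.doubleLockId -eq -1) { $null } else { $restResponse.doubleLockId }
                                EnableInheritsPermissions          = $restResponse.enableInheritPermissions
                                EnableInheritsSecretPolicy         = if ($restResponse.enableInheritSecretPolicy -eq -1) { $null } else { $restResponse.enableInheritSecretPolicy }
                                SiteId                             = $restResponse.siteId
                                SecretPolicyId                     = if ($restResponse.secretPolicyId -eq -1) { $null } else { $restResponse.secretPolicyId }
                                LastHeartbeatStatus                = $restResponse.lastHeartBeatStatus
                                LastHeartbeatCheck                 = [datetime]$restResponse.lastHeartBeatCheck
                                FailedPasswordChangeAttempts       = $restResponse.failedPasswordChangeAttempts
                                LastPasswordChangeAttempt          = [datetime]$restResponse.lastPasswordChangeAttempt
                                PasswordTypeWebscriptId            = if ($restResponse.passwordTypeWebScriptId -eq -1) { $null } else { $restResponse.passwordTypeWebScriptId }
                            }

                            # Each response item becomes a TssSecretItem attached as the Items note property.
                            $items = foreach ($itemDetail in $restResponse.items) {
                                [pscustomobject]@{
                                    PSTypeName       = 'TssSecretItem'
                                    ItemId           = $itemDetail.itemId
                                    ItemValue        = $itemDetail.itemValue
                                    FieldId          = $itemDetail.fieldId
                                    FieldName        = $itemDetail.fieldName
                                    Slug             = $itemDetail.slug
                                    FieldDescription = $itemDetail.fieldDescription
                                    IsFile           = $itemDetail.isFile
                                    FileAttachmentId = $itemDetail.fileAttachmentId
                                    FileName         = $itemDetail.fileName
                                    IsNotes          = $itemDetail.isNotes
                                    IsPassword       = $itemDetail.isPassword
                                }
                            }
                            $outSecret.PSObject.Properties.Add([PSNoteProperty]::new('Items',$items))
                            $outSecret
                        }
                    }
                }
                if ($Field) {
                    $uri = $TssSession.SecretServerUrl + ($TssSession.ApiVersion, "secrets", $secret, "fields", $Field -join "/")

                    # Serialize through ConvertTo-Json so quotes, backslashes and control characters in
                    # -Value are escaped. Interpolating the value into a hand-written JSON string let a
                    # quote in the value break the document or add extra members to it.
                    $body = @{ value = $Value } | ConvertTo-Json -Compress
                    $invokeParams.Uri = $uri
                    $invokeParams.Body = $body
                    $invokeParams.PersonalAccessToken = $TssSession.AccessToken
                    $invokeParams.Method = 'PUT'

                    # The body carries the new field value (possibly a password), so it is kept out of the
                    # ShouldProcess text. 'continue' so declining one secret does not skip the remaining Ids.
                    if (-not $PSCmdlet.ShouldProcess("Secret [$secret]", "$($invokeParams.Method) $uri (field [$Field])")) { continue }
                    try {
                        $restResponse = Invoke-TssRestApi @invokeParams -ErrorAction Stop -ErrorVariable err
                    } catch {
                        # NOTE(review): $apiError is not assigned anywhere in this function. Unless an
                        # enclosing scope sets it, only the final branch (throw $err) is taken - confirm.
                        if ($apiError.errorCode) {
                            throw "$($apiError.errorCode): $($apiError.message)"
                        } elseif ($apiError.message) {
                            throw $apiError.message
                        } else {
                            throw $err
                        }
                    }

                    if ($Raw) {
                        $restResponse
                        continue
                    }
                    if ($restResponse) {
                        # Re-read the secret so the caller gets the updated object back.
                        $getSecretParams.TssSession = $TssSession
                        $getSecretParams.Id = $secret
                        $getSecretParams.Comment = $Comment

                        Get-TssSecret @getSecretParams
                    }
                }
            }

        } else {
            Write-Warning "No valid session found"
        }
    }
}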