public/Get-VPASAccountPrivateSSHKey.ps1
|
<#
.Synopsis GET PRIVATE SSH KEY VALUE CREATED BY: Vadim Melamed, EMAIL: vpasmodule@gmail.com .DESCRIPTION USE THIS FUNCTION TO GET PRIVATE SSH KEY VALUE OF AN ACCOUNT IN CYBERARK .LINK https://vpasmodule.com/commands/Get-VPASAccountPrivateSSHKey .PARAMETER token HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc). If -token is not passed, function will use last known hashtable generated by New-VPASToken .PARAMETER safe Safe name that will be used to query for the target account if no AcctID is passed .PARAMETER username Username that will be used to query for the target account if no AcctID is passed .PARAMETER platform PlatformID that will be used to query for the target account if no AcctID is passed .PARAMETER address Address that will be used to query for the target account if no AcctID is passed .PARAMETER AcctID Unique ID that maps to a single account, passing this variable will skip any query functions .PARAMETER Reason Define a reason for connecting for audit purposes .PARAMETER SaveToFile The key will be saved to a PEM file .PARAMETER HideOutput Suppress any output to the console .PARAMETER InputParameters HashTable of values containing the parameters required to make the API call .EXAMPLE $SSHKey = Get-VPASAccountPrivateSSHKey -reason {REASON VALUE} -safe {SAFE VALUE} -address {ADDRESS VALUE} .EXAMPLE $InputParameters = @{ safe = "TargetSafe" platform = "TargetPlatformID" username = "TargetUsername" address = "TargetAddress" reason = "Enter reason here" SaveToFile = $true|$false HideOutput = $true|$false } $SSHKey = Get-VPASAccountPrivateSSHKey -InputParameters $InputParameters .EXAMPLE $InputParameters = @{ AcctID = "22_123" reason = "Enter reason here" SaveToFile = $true|$false HideOutput = $true|$false } $SSHKey = Get-VPASAccountPrivateSSHKey -InputParameters $InputParameters .OUTPUTS If successful: "ASuperSecretKeyValue==" --- $false if failed #> function Get-VPASAccountPrivateSSHKey{ [OutputType([String],[bool])] [CmdletBinding(DefaultParameterSetName='Set1')] Param( [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [String]$safe, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [String]$platform, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [String]$username, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [String]$address, [Parameter(Mandatory=$true,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true,HelpMessage="Enter reason for pulling credentials (for example: 'CSTASK1234 - patching')")] [Parameter(Mandatory=$true,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true,HelpMessage="Enter reason for pulling credentials (for example: 'CSTASK1234 - patching')")] [String]$reason, [Parameter(Mandatory=$true,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true,HelpMessage="Unique AccountID of the target account (for example: 22_123)")] [String]$AcctID, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [Parameter(Mandatory=$false,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true)] [Switch]$SaveToFile, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [Parameter(Mandatory=$false,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true)] [Switch]$HideOutput, [Parameter(Mandatory=$true,ParameterSetName='InputParameters',ValueFromPipelineByPropertyName=$true,HelpMessage="Hashtable of parameters required to make API call, refer to get-help -examples for valid inputs")] [hashtable]$InputParameters, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true)] [hashtable]$token ) Begin{ $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain,$EnableTroubleshooting = Get-VPASSession -token $token $CommandName = $MyInvocation.MyCommand.Name $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND } Process{ try{ if($PSCmdlet.ParameterSetName -eq "InputParameters"){ $KeyHash = @{ set1 = @{ AcceptableKeys = @("safe","platform","username","address","reason","SaveToFile","HideOutput") MandatoryKeys = @("reason") } set2 = @{ AcceptableKeys = @("AcctID","reason","SaveToFile","HideOutput") MandatoryKeys = @("AcctID","reason") } } $CheckSet = Test-VPASHashtableKeysHelper -InputHash $InputParameters -KeyHash $KeyHash if(!$CheckSet){ $log = Write-VPASTextRecorder -inputval "FAILED TO FIND TARGET PARAMETER SET" -token $token -LogType MISC Write-Verbose "FAILED TO FIND TARGET PARAMETER SET" Write-VPASOutput -str "FAILED TO FIND TARGET PARAMETER SET...VIEW EXAMPLES BELOW:" -type E $examples = Write-VPASExampleHelper -CommandName $CommandName return $false } else{ foreach($key in $InputParameters.Keys){ Set-Variable -Name $key -Value $InputParameters.$key } } } }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "FAILED TO RETRIEVE SSH KEY" Write-VPASOutput -str $_ -type E return $false } if([String]::IsNullOrEmpty($AcctID)){ Write-Verbose "NO ACCOUNT ID PROVIDED, INVOKING HELPER FUNCTION" $AcctID = Get-VPASAccountIDHelper -token $token -safe $safe -platform $platform -username $username -address $address write-verbose "ACCOUNT ID WAS RETURNED" if($AcctID -eq -1){ $log = Write-VPASTextRecorder -inputval "COULD NOT FIND UNIQUE ACCOUNT ENTRY, INCLUDE MORE SEARCH PARAMETERS" -token $token -LogType MISC $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "COULD NOT FIND UNIQUE ACCOUNT ENTRY WITH SPECIFIED PARAMETERS" Write-VPASOutput -str "COULD NOT FIND UNIQUE ACCOUNT ENTRY, INCLUDE MORE SEARCH PARAMETERS" -type E return $false } elseif($AcctID -eq -2){ $log = Write-VPASTextRecorder -inputval "COULD NOT FIND ACCOUNT WITH SPECIFIED PARAMETERS" -token $token -LogType MISC $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "COULD NOT FIND ACCOUNT WITH SPECIFIED PARAMETERS" Write-VPASOutput -str "NO ACCOUNTS FOUND" -type E return $false } else{ try{ Write-Verbose "MAKING API CALL TO CYBERARK" $params = @{ reason=$reason; } $log = Write-VPASTextRecorder -inputval $params -token $token -LogType PARAMS $params = $params | ConvertTo-Json if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/PasswordVault/api/Accounts/$AcctID/Secret/Retrieve" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/PasswordVault/api/Accounts/$AcctID/Secret/Retrieve" } $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI $log = Write-VPASTextRecorder -inputval "POST" -token $token -LogType METHOD if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Body $params -Method POST -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Body $params -Method POST -ContentType "application/json" } Write-Verbose "PARSING DATA FROM CYBERARK" Write-Verbose "RETURNING ACCOUNT DETAILS" if($SaveToFile){ if([String]::IsNullOrEmpty($response)){ Write-Verbose "SSH KEY IS BLANK, NOTHING TO SAVE TO FILE" if(!$HideOutput){ Write-VPASOutput -str "SSH KEY IS BLANK, NOTHING TO SAVE TO FILE" -type M } $log = Write-VPASTextRecorder -inputval "SSH KEY RETURNED: ***" -token $token -LogType MISC return $response } else{ Write-Verbose "SSH KEY SAVED TO FILE" $curUser = $env:USERNAME $saveDir = "C:\Users\$curUser\Downloads\$AcctID-PrivateSSHKey.pem" write-output $response | Set-Content $saveDir if(!$HideOutput){ Write-VPASOutput -str "SSH KEY SAVED TO FILE: $saveDir" -type C } $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: TRUE" -token $token -LogType MISC return $true } } else{ $log = Write-VPASTextRecorder -inputval "SSH KEY RETURNED: ***" -token $token -LogType MISC return $response } }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "COULD NOT RETRIEVE SSH KEY DETAILS" Write-VPASOutput -str $_ -type E return $false } } } else{ Write-Verbose "ACCOUNT ID PROVIDED, SKIPPING HELPER FUNCTION" try{ Write-Verbose "MAKING API CALL TO CYBERARK" $params = @{ reason=$reason; } $log = Write-VPASTextRecorder -inputval $params -token $token -LogType PARAMS $params = $params | ConvertTo-Json if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/PasswordVault/api/Accounts/$AcctID/Secret/Retrieve" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/PasswordVault/api/Accounts/$AcctID/Secret/Retrieve" } $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI $log = Write-VPASTextRecorder -inputval "POST" -token $token -LogType METHOD if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Body $params -Method POST -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Body $params -Method POST -ContentType "application/json" } Write-Verbose "PARSING DATA FROM CYBERARK" Write-Verbose "RETURNING ACCOUNT DETAILS" if($SaveToFile){ if([String]::IsNullOrEmpty($response)){ Write-Verbose "SSH KEY IS BLANK, NOTHING TO SAVE TO FILE" if(!$HideOutput){ Write-VPASOutput -str "SSH KEY IS BLANK, NOTHING TO SAVE TO FILE" -type M } $log = Write-VPASTextRecorder -inputval "SSH KEY RETURNED: ***" -token $token -LogType MISC return $response } else{ Write-Verbose "SSH KEY SAVED TO FILE" $curUser = $env:USERNAME $saveDir = "C:\Users\$curUser\Downloads\$AcctID-PrivateSSHKey.pem" write-output $response | Set-Content $saveDir if(!$HideOutput){ Write-VPASOutput -str "SSH KEY SAVED TO FILE: $saveDir" -type C } $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: TRUE" -token $token -LogType MISC return $true } } else{ $log = Write-VPASTextRecorder -inputval "SSH KEY RETURNED: ***" -token $token -LogType MISC return $response } }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "COULD NOT RETRIEVE SSH KEY DETAILS" Write-VPASOutput -str $_ -type E return $false } } } End{ $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER } } |