public/New-TNCredential.ps1

function New-TNCredential {
    <#
    .SYNOPSIS
        Creates new credentials
 
    .DESCRIPTION
        Creates new credentials
 
    .PARAMETER SessionObject
        Optional parameter to force using specific SessionObjects. By default, each command will connect to all connected servers that have been connected to using Connect-TNServer
 
    .PARAMETER Name
        The name of the target credential
 
    .PARAMETER Description
        Description for Description
 
    .PARAMETER Type
        The type of credential
 
    .PARAMETER AuthType
        Description for AuthType
 
    .PARAMETER Credential
        The credential object (from Get-Credential) used to log into the target server. Specifies a user account that has permission to send the request.
 
    .PARAMETER CredentialHash
        Description for CredentialHash
 
    .PARAMETER PrivilegeEscalation
        Description for PrivilegeEscalation
 
    .PARAMETER EnableException
        By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message.
        This avoids overwhelming you with 'sea of red' exceptions, but is inconvenient because it basically disables advanced scripting.
        Using this switch turns this 'nice by default' feature off and enables you to catch exceptions with your own try/catch.
 
    .EXAMPLE
        PS C:\> $params = @{
              Name = "Windows Scanner Account"
              Type = "windows"
              AuthType = "password"
              Credential = "ad\nessus"
        }
        PS C:\> New-TNCredential @params -Verbose
 
        Creates a new Windows credential for ad\nessus
 
    .EXAMPLE
        PS C:\> $params = @{
              Name = "Linux Scanner Account"
              Type = "ssh"
              AuthType = "password"
              Credential = "acasaccount"
              PrivilegeEscalation = "sudo"
        }
 
        PS C:\> New-TNCredential @params -Verbose
 
        Creates a new SSH credential for acasaccount and sets the escalation type to sudo
 
 
    .EXAMPLE
        PS C:\> $credhash = @{
                dbType = "SQL Server"
                SQLServerAuthType = "SQL"
            }
 
        PS C:\> $params = @{
              Name = "SQL Server sqladmin"
              Type = "database"
              AuthType = "password"
              Credential = "sqladmin"
              CredentialHash = $credhash
        }
 
        PS C:\> New-TNCredential @params -Verbose
 
        Creates a new SQL Server credential for SQL Login sqladmin
 
    .EXAMPLE
        PS C:\> $credhash = @{
                dbType = "SQL Server"
                SQLServerAuthType = "Windows"
            }
 
        PS C:\> $params = @{
              Name = "SQL Server sqladmin"
              Type = "database"
              AuthType = "password"
              Credential = "ad\sqladmin"
              CredentialHash = $credhash
        }
 
        PS C:\> New-TNCredential @params -Verbose
 
        Creates a new SQL Server credential for Windows ad\sqladmin
 
#>

    [CmdletBinding()]
    [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSAvoidUsingPlainTextForPassword", "")]
    param
    (
        [Parameter(ValueFromPipelineByPropertyName)]
        [object[]]$SessionObject = (Get-TNSession),
        [Parameter(ValueFromPipelineByPropertyName, Mandatory)]
        [string]$Name,
        [Parameter(ValueFromPipelineByPropertyName)]
        [string]$Description,
        [Parameter(ValueFromPipelineByPropertyName, Mandatory)]
        [ValidateSet("apiGateway", "database", "windows", "snmp", "ssh")]
        [string]$Type,
        [Parameter(ValueFromPipelineByPropertyName, Mandatory)]
        [ValidateSet("BeyondTrust", "cyberark", "Hashicorp", "kerberos", "lieberman", "lm", "ntlm", "password", "thycotic", "ibmDPGateway", "certificate", "publickey")]
        [string]$AuthType,
        [Parameter(ValueFromPipelineByPropertyName, Mandatory)]
        [psobject]$Credential,
        [hashtable]$CredentialHash,
        [ValidateSet("none", "su", "sudo", "su+sudo", "dzdo", "pbrun", "cisco", ".k5login")]
        [string]$PrivilegeEscalation = "none",
        [switch]$EnableException
    )
    begin {
        if ($Type -notin "windows", "ssh" -and -not $PSBoundParameters.CredentialHash) {
            Stop-PSFFunction -Message "You must specify a CredentialHash when Type is $Type"
            return
        }
        if ($AuthType -eq "certificate" -and -not $PSBoundParameters.CredentialHash) {
            Stop-PSFFunction -Message "You must specify a CredentialHash when AuthType is $AuthType"
            return
        }

        if ($Credential -isnot [pscredential]) {
            $Credential = Get-Credential $Credential -Message "Enter the username and password for the $Name credential"
        }
    }
    process {
        if (Test-PSFFunctionInterrupt) { return }

        foreach ($session in $SessionObject) {
            $PSDefaultParameterValues["*:SessionObject"] = $session
            if (-not $session.sc) {
                Stop-PSFFunction -EnableException:$EnableException -Message "Only tenable.sc supported" -Continue
            }

            if (-not $PSBoundParameters.CredentialHash) {
                $body = @{
                    name        = $Name
                    description = $Description
                    type        = $Type.ToLower()
                    authType    = $AuthType.ToLower()
                }
            } else {
                $body = $PSBoundParameters.CredentialHash
                $body.Add("name", $Name)
                $body.Add("description", $Description)
                $body.Add("type", $Type)
                $body.Add("authType", $AuthType)

                if (-not $CredentialHash.port) {
                    switch ($CredentialHash.dbType) {
                        "SQL Server" {
                            $body.Add("port", "1433")
                        }
                        "DB2" {
                            $body.Add("port", "50000")
                        }
                        "Informix/DRDA" {
                            $body.Add("port", "1526")
                        }
                        "MySQL" {
                            $body.Add("port", "3306")
                        }
                        "Oracle" {
                            $body.Add("port", "1521")
                        }
                        "PostgreSQL" {
                            $body.Add("port", "5432")
                        }
                    }
                }
            }

            if ($PSBoundParameters.Credential) {
                if ($Type -eq "windows" -and $Credential.UserName -match "\\") {
                    $domain, $username = $Credential.UserName -split "\\"
                    $body.Add("domain", $domain)
                } else {
                    $username = $Credential.UserName
                }

                if ($Type -eq "ssh") {
                    $body.Add("privilegeEscalation", $PrivilegeEscalation.ToLower())
                }

                if ($Type -notin "database") {
                    $body.Add("username", $username)
                } else {
                    $body.Add("login", $username)
                }

                $body.Add("password", ($Credential.GetNetworkCredential().Password))
            }

            $params = @{
                SessionObject   = $session
                Path            = "/credential"
                Method          = "POST"
                Parameter       = $body
                EnableException = $EnableException
            }

            Invoke-TNRequest @params | ConvertFrom-TNRestResponse
        }
    }
}