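I'm trying to get credentials from Thycotic Secret Server directly through PowerShell, rather than copying and pasting each username/password. Has anyone run into this before?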
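I wrote a function for this kind of thing.
The required fields are
-Webservice
This needs to point to sswebservice.asmx
Usually located at https://{Base Address}/webservices/sswebservice.asmx
-Credential
This is your Thycotic login.
-searchTerm
This is the string you want to search for.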
function Get-Secret{
    Param (
        # URL of sswebservice.asmx (listed above as a required field)
        [Parameter(Mandatory=$True)]
        [string] $WebService,
        # Thycotic login
        [Parameter(Mandatory=$True)]
        [pscredential] $Credential,
        [string] $Organization = $Null,
        # String to search for
        [Parameter(Mandatory=$True)]
        [string] $SearchTerm = $Null,
        [Parameter(ParameterSetName='Only',Mandatory=$false)]
        [switch] $CountOnly,
        [Parameter(ParameterSetName='Only',Mandatory=$false)]
        [switch] $SummeryOnly,
        [switch] $Raw
    )
    # Build a SOAP proxy for the web service and log in to obtain a session token
    $Service = New-WebServiceProxy -uri $WebService -UseDefaultCredential
    $LoginResult = $Service.Authenticate($($Credential.GetNetworkCredential().Username), $($Credential.GetNetworkCredential().Password), $Organization, $($Credential.GetNetworkCredential().Domain))
    if($LoginResult.errors){
        throw $LoginResult.errors
    }
    # Search for secrets matching the search term
    $Secret_IDs = $Service.SearchSecrets($LoginResult.token, $searchTerm, $true, $true)
    if($Secret_IDs.errors){
        throw $Secret_IDs.errors
    }
    if($CountOnly){
        return $Secret_IDs.SecretSummaries.count
    }
    if($SummeryOnly){
        return $Secret_IDs.SecretSummaries
    }
    # Fetch the full secret for every summary returned by the search
    $Response = @()
    foreach($Secret_ID in $Secret_IDs.SecretSummaries){
        $Secret = $Service.GetSecret($LoginResult.token, $Secret_ID.SecretID, $false, $null).secret
        $Response += $Secret
    }
    if($Raw){
        # Return the secret objects as received from the web service
        return $Response
    }else{
        # Formatted output writes every field value, passwords included, as plain text
        return $Response | Foreach-object{
            Write-Output "$($_.Name)"
            Foreach($item in $_.Items){
                Write-Output "$($item.FieldDisplayName) : $($item.Value)"
            }
            Write-Output "`r`n"
        }
    }
}
Basic usage
Get-Secret -WebService "https://Stuff/sswebservice.asmx" -Credential $ThycoticCredentials -SearchTerm "HELLO"
Another usage is the -raw parameter. This returns an object based on what Thycotic returns.
You can narrow it down to the field items
Get-Secret -WebService "https://Stuff/sswebservice.asmx" -Credential $ThycoticCredentials -SearchTerm "HELLO" -raw | select -ExpandProperty Items
Or even narrow it down to a value (this one gets the username field)
Get-Secret -WebService "https://Stuff/sswebservice.asmx" -Credential $ThycoticCredentials -SearchTerm "HELLO" -raw | select -ExpandProperty Items | ?{$_.fieldname -like 'username'} | select -ExpandProperty value
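Because the goal in the question is to use the credentials rather than read them, the `-raw` objects can be converted into `PSCredential` objects so that no field value is written to the console. This is an added example, not part of the original answer: `ConvertTo-SecretCredential` is a hypothetical helper name, the `password` field name is an assumption about the secret template, and the sample object is constructed.

```powershell
# Added example, not part of the original answer.
# ConvertTo-SecretCredential is a hypothetical helper name.
function ConvertTo-SecretCredential {
    [CmdletBinding()]
    [OutputType([pscredential])]
    param(
        # One secret object as returned by Get-Secret -Raw
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [object] $Secret,
        # Assumed field names; adjust to the secret template in use
        [string] $UserField = 'username',
        [string] $PasswordField = 'password'
    )
    process {
        $user = @($Secret.Items | Where-Object { $_.FieldName -eq $UserField })
        $pass = @($Secret.Items | Where-Object { $_.FieldName -eq $PasswordField })
        if ($user.Count -ne 1 -or $pass.Count -ne 1) {
            # Report the secret name only, never a field value
            Write-Error "Secret '$($Secret.Name)' needs exactly one '$UserField' and one '$PasswordField' field."
            return
        }
        if ([string]::IsNullOrEmpty($user[0].Value) -or [string]::IsNullOrEmpty($pass[0].Value)) {
            Write-Error "Secret '$($Secret.Name)' has an empty '$UserField' or '$PasswordField' field."
            return
        }
        # Wrap the password so it is not shown when the object is displayed or logged
        $secure = ConvertTo-SecureString -String $pass[0].Value -AsPlainText -Force
        $secure.MakeReadOnly()
        New-Object System.Management.Automation.PSCredential ($user[0].Value, $secure)
    }
}

# Constructed sample shaped like one element of Get-Secret -Raw output
$sample = [pscustomobject]@{
    Name  = 'HELLO service account'
    Items = @(
        [pscustomobject]@{ FieldName = 'username'; FieldDisplayName = 'Username'; Value = 'svc-hello' }
        [pscustomobject]@{ FieldName = 'password'; FieldDisplayName = 'Password'; Value = 'constructed-example-only' }
        [pscustomobject]@{ FieldName = 'notes';    FieldDisplayName = 'Notes';    Value = '' }
    )
}

$cred = $sample | ConvertTo-SecretCredential
$cred.UserName   # the password stays inside the SecureString
```

With a live server, the output of `Get-Secret ... -raw` can be piped into the helper in the same way, and the resulting object passed to any cmdlet that takes a `-Credential` parameter.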