Thycotic Community - Secret Server - Powershell code examples on adding and querying secret containing files - Messages

Message from Kevin

Thu, 14 Oct 2010 16:37:19 GMT

Peter,

As Tucker described, you have a few options:

1. Always trust that the first result back is the correct one since exact matches float to the top.

2. Get your results back, then spin through them with PowerShell and do an exact match yourself.

3. Use a naming scheme that does not use search delimiters, like a space, then ensure that you always get back exactly one result.

Message from Tucker

Thu, 14 Oct 2010 05:49:06 GMT

Hello Per,

Search uses an OR on search terms, so you would receive all Secrets with 'Server1' or 'Admin'. The Space is an indexing character so the search term is broken up as 'Server1' or 'Admin', while '_' is not so the full text is used in the search Server2_Admin. Search will return in the order of first exact Secret Name matches, second partial name matches, and lastly Secret hash matches.

Message from Peter C

Thu, 14 Oct 2010 02:02:31 GMT

Hi Kevin,
Thank you very much!
My function to retrive a secret an store the result as Powershell Credential is working now both for windows and password Auth.

Only the SearchSecrets Method is delivering unexpected results when there are spaces in Secret Names!
When i have 2 secrets:
"Server1 Admin", "Server1 User"
and i search for "Server1 Admin" the method returns both secrets.

"Server2_Admin" and "Server2_User" returns only the secret i'm really searching for.

Is this desired behaviour?

Thank you,
Peter

Message from Kevin

Tue, 12 Oct 2010 06:34:41 GMT

Peter,

The URL of the web service for Windows Authentication Web Services is slightly different. The standard one is

/webservices/sswebservice.asmx

The one used for windows authentication is

/winauthwebservices/SSWinAuthWebService.asmx

The latter of the two does not require a token.

Thanks,
-- Kevin J.

Message from Peter C

Tue, 12 Oct 2010 02:06:09 GMT

Originally posted by JonathanNote that you don't have to embed your username/password in the code as in Kevin's example. You can always use Windows Authentication as long as you create a Secret Server user to match the user running the script.
http://support.thycotic.com/KB/a98/using-web-services-with-windows-authentication.aspx
Hello,
The example script in your Knolegde base gives me an error, because the method GetSecret() requires a token, which i cannot provide, because i get the token from the method Authenticate() which requires a password i basically want to avoid saving in cleartext:
Cannot find an overload for "GetSecret" and the argument count: "1".
At line:1 char:26
+ $wsResult = $ws.GetSecret <<<< ($secretId)
+ CategoryInfo : NotSpecified: ( [], MethodException
+ FullyQualifiedErrorId : MethodCountCouldNotFindBest

BTW: I know the missing parameter "token" in nearly every method only from the Browser URL: webservices/sswebservice.asmx
because of missing (or not found by me) detaild documentation.

How do i get a token without providing a password?
Thank you
Peter

Message from David

Fri, 08 Oct 2010 16:23:09 GMT

This is a feature request, but we will be sure to note that you have also requested it. Thank you for the request.

Message from Jonathan J

Fri, 08 Oct 2010 13:15:54 GMT

Is adding support for downloading files via web services API already a feature request?

In my case, we manage a lot of certificates and private key files that we must distribute to various servers. To accomplish this, we must persist the files to disk first, which is a step I'm looking to automate.

Message from Jonathan

Tue, 17 Aug 2010 05:42:59 GMT

Note that you don't have to embed your username/password in the code as in Kevin's example. You can always use Windows Authentication as long as you create a Secret Server user to match the user running the script.
http://support.thycotic.com/KB/a98/using-web-services-with-windows-authentication.aspx

Message from Kevin

Mon, 16 Aug 2010 18:52:09 GMT

I forgot to mention, base-64 encoding inflates the size by upto 3 times, so the formula is actually 1991 * 20 / 1024 / 3 = 13 K.

Message from Kevin

Mon, 16 Aug 2010 18:48:07 GMT

Correction: My code sample uses "Item01", Item02", and "Item03" in the template. That can be changed in line 27.

The more "ItemXX" fields there are, the more storage you have. If you have 20 fields, you can store roughly about 13 K of data (1991 * 20 / 1024). I would only recommend this for storing small files.

Message from Kevin

Mon, 16 Aug 2010 18:39:38 GMT

Per,

As David mentioned, viewing or modifying files through the web services is not supported. However, your idea of encoding the file into fields, and then re-constructing them on download would work. Here is a link to a PowerShell script I wrote that will do exactly that:

http://gist.github.com/528112

Basically, it will read a file, base-64 encode it, split it into 1991 character strings, and create a new secret. It assumes that the template is called "File Storage" and that all of the fields are "Field01", "Field02", "Field03" and are text fields.

Let me know if you need a script sample that also downloads the file and re-constructs it.

Message from Per P

Mon, 16 Aug 2010 07:44:13 GMT

What I am working on is creating software which can create secrets in Secret Server including uploading a file. Once this is done, later on, the software would go to Secret Server and ask for the file again. All this pure programatically, so no user interaction is going to be involved. Hence, it is not possible to leave the file field blank and handle the upload of files manually/interactively.

Only alternative I can come up with is programatically open the file, convert the file contents to one long HEX string a divide the string into smaller chunks (I believe that there is a limit on 1991 bytes on the fields), and create several fields holding each chunk and reverse the process when in need of downloading the files.

Any code examples in any language/technique or ideas on how to upload and download files in secrets are very welcome as I am really stuck here.

Message from David

Mon, 16 Aug 2010 07:24:38 GMT

Currently, you can not view file names through Web Services or PowerShell scripts. Because of this, there is no way to search secrets by file name using Web Services.

However, you can still search on other fields for secrets with file fields and add new secrets with file field types.

To add or update a secret with a file type field, you can leave the file field blank and otherwise treat it as a normal secret.

Let us know if you still have questions or still want a code example.

Message from Per P

Mon, 16 Aug 2010 03:17:55 GMT

Anyone have any Powershell (or other language) coding examples on how to add secrets and query secret with fields of type File?

All other field type seem to be quite easy to figure out since Powershell exposes all properties/methods except for the file field type.

Regards
Per Pedersen