Thycotic Community - Secret Server - Retriving secrets through command line. - Messages

Message from Ameya A

Thu, 06 Oct 2011 09:25:25 GMT

Thanks for that.

I did try and still it is not working.

I am logging in a support ticket as I do not wish to expose the details of server on forums.

Hope that is okay with you.

Regards,
Ameya Agashe.

Message from david c

Wed, 05 Oct 2011 10:48:50 GMT

Hi Ameya,

We have just created a KB article covering a couple different ways to interact with Secret Server's web services (installed edition). The article is located at http://support.thycotic.com/KB/a181/using-curl-with-web-services.aspx

Message from david c

Wed, 05 Oct 2011 09:38:59 GMT

Hi Ameya,

My earlier response was incorrect, commands that work are as follows:

This returns the token:

curl -v -H "Content-Type: application/x-www-form-urlencoded" -d "username={NAME}&password={PASSWORD}&organization=&domain=" --url "http://{URL TO SS}/webservices/sswebservice.asmx/Authenticate"

This uses the token to get the Secret:

curl -v -H "Content-Type: application/x-www-form-urlencoded" -d "secretId=1&token={TOKEN}" --url "http://{URL TO SS}/webservices/sswebservice.asmx/GetSecret"

When testing I used the Win 64 no-ssl version of Curl, obtainable along with its SSL equivalent here: http://curl.haxx.se/dlwiz/?type=bin&os=Win64

Please let us know how this works on your end.

Message from Ameya A

Sat, 01 Oct 2011 01:53:13 GMT

I can confirm that webservices works, that is first authenticate to get token and then use token to have secretId but I am not sure why it doesn't work via curl?

Message from Ameya A

Fri, 30 Sep 2011 17:33:26 GMT

Thanks for that David.
Yes I did saw that perl example but I don't know about perl I kept it aside

Now If I do I am not getting any response.

I redirected the out to be xml file.
The operation was,
curl -v --url "https://secretserver.transurban.com/ss/webservices/sswebservice.asmx?op=GetSecret&secretId=1835" --user "username:password" > 2.xml

[aagashe@tcolpdapp01 ~]$ cat 2.xml

BODY { color: #000000; background-color: white; font-family: Verdana; margin-left: 0px; margin-top: 0px; }
#content { margin-left: 30px; font-size: .70em; padding-bottom: 2em; }
A:link { color: #336699; font-weight: bold; text-decoration: underline; }
A:visited { color: #6699cc; font-weight: bold; text-decoration: underline; }
A:active { color: #336699; font-weight: bold; text-decoration: underline; }
A:hover { color: cc3300; font-weight: bold; text-decoration: underline; }
P { color: #000000; margin-top: 0px; margin-bottom: 12px; font-family: Verdana; }
pre { background-color: #e5e5cc; padding: 5px; font-family: Courier New; font-size: x-small; margin-top: -5px; border: 1px #f0f0e0 solid; }
td { color: #000000; font-family: Verdana; font-size: .7em; }
h2 { font-size: 1.5em; font-weight: bold; margin-top: 25px; margin-bottom: 10px; border-top: 1px solid #003366; margin-left: -15px; color: #003366; }
h3 { font-size: 1.1em; color: #000000; margin-left: -15px; margin-top: 10px; margin-bottom: 10px; }
ul { margin-top: 10px; margin-left: 20px; }
ol { margin-top: 10px; margin-left: 20px; }
li { margin-top: 10px; color: #000000; }
font.value { color: darkblue; font: bold; }
font.key { color: darkgreen; font: bold; }
font.error { color: darkred; font: bold; }
.heading1 { color: #ffffff; font-family: Tahoma; font-size: 26px; font-weight: normal; background-color: #003366; margin-top: 0px; margin-bottom: 0px; margin-left: -30px; padding-top: 10px; padding-bottom: 3px; padding-left: 15px; width: 105%; }
.button { background-color: #dcdcdc; font-family: Verdana; font-size: 1em; border-top: #cccccc 1px solid; border-bottom: #666666 1px solid; border-left: #cccccc 1px solid; border-right: #666666 1px solid; }
.frmheader { color: #000000; background: #dcdcdc; font-family: Verdana; font-size: .7em; font-weight: normal; border-bottom: 1px solid #dcdcdc; padding-top: 2px; padding-bottom: 2px; }
.frmtext { font-family: Verdana; font-size: .7em; margin-top: 8px; margin-bottom: 0px; margin-left: 32px; }
.frmInput { font-family: Verdana; font-size: 1em; }
.intro { margin-left: -15px; }

SSWebService Web Service

SSWebService

Click here for a complete list of operations.
GetSecret

Test

To test the operation using the HTTP POST protocol, click the 'Invoke' button.

Parameter
Value

token:

secretId:

SOAP 1.1

The following is a sample SOAP 1.1 request and response. The placeholders shown need to be replaced with actual values.

POST /ss/webservices/sswebservice.asmx HTTP/1.1
Host: secretserver.transurban.com
Content-Type: text/xml; charset=utf-8
Content-Length: length
SOAPAction: "urn:thesecretserver.com/GetSecret"

http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="">http://schemas.xmlsoap.org/soap/envelope/">

string
int

HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: length

http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="">http://schemas.xmlsoap.org/soap/envelope/">

string
string

string

int
int
int
boolean

SOAP 1.2

The following is a sample SOAP 1.2 request and response. The placeholders shown need to be replaced with actual values.

POST /ss/webservices/sswebservice.asmx HTTP/1.1
Host: secretserver.transurban.com
Content-Type: application/soap+xml; charset=utf-8
Content-Length: length

http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap12="">http://www.w3.org/2003/05/soap-envelope">

string
int

HTTP/1.1 200 OK
Content-Type: application/soap+xml; charset=utf-8
Content-Length: length

http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap12="">http://www.w3.org/2003/05/soap-envelope">

string
string

string

int
int
int
boolean

HTTP GET

The following is a sample HTTP GET request and response. The placeholders shown need to be replaced with actual values.

GET /ss/webservices/sswebservice.asmx/GetSecret?token=string&secretId=string HTTP/1.1
Host: secretserver.transurban.com

HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: length

string
string

string

string
int
int
string
boolean
boolean
boolean
string

string
int
int
string
boolean
boolean
boolean
string

int
int
int
boolean

HTTP POST

The following is a sample HTTP POST request and response. The placeholders shown need to be replaced with actual values.

POST /ss/webservices/sswebservice.asmx/GetSecret HTTP/1.1
Host: secretserver.transurban.com
Content-Type: application/x-www-form-urlencoded
Content-Length: length

token=string&secretId=string

HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: length

string
string

string

string
int
int
string
boolean
boolean
boolean
string

string
int
int
string
boolean
boolean
boolean
string

int
int
int
boolean

I tried operation "Authenticate" but same no reponse for node value "token".

Kindly advise.

Many thanks,
Ameya

Message from david c

Fri, 30 Sep 2011 11:07:54 GMT

Hi Ameya,

There are many ways of fetching Secret Server data through webservices. Perl, PowerShell, .NET, etc.

Curl can definitely be used.
You pass the secretId like so:

curl -v --url "http://our-secret-server-url/sswebservices/sswebservice.asmx?op=GetSecret&secretId=1" --user "username:password"

The result will be XML.

If you want only specific information from the XML you will need to parse it or deserialize it to an object and fetch the value from the object.

You can find various examples in our Knowledge Base. For example, this post uses Perl: http://support.thycotic.com/KB/a86/accessing-secret-server-programmatically-perl-sample-script.aspx

Message from Ameya A

Fri, 30 Sep 2011 10:04:09 GMT

Hi,

Our organization is using seceret server version Version: 7.1.000015.

What I want is to retieve secrets but through command line.

Input secretId, username & password.

Output:*For any template* I want field value of userName and Password*

curl -v --url "https://our-seceret-server-webservices-url/ss/webservices/sswebservice.asmx?op=GetSecret" --user "username:password"

Firstly is curl the right way or should I use any other tool?

If curl is right way how can give secret id while passing through url?

Let say I want secretId 0001 to be fetched what should be my input url?
curl -v --url "https://our-seceret-server-webservices-url/ss/webservices/sswebservice.asmx?op=GetSecret" --user "username:password"

Please assist here.
Many Thanks,
Ameya