REST API PowerShell Scripts
# Restrict .NET web requests made from this PowerShell session to TLS 1.2.
# The assignment replaces the enabled protocol set rather than adding to it.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
- Disable Delinea One, if not needed
- Use the Delinea One password instead
- Use a user account that does not have an email address in Secret Server
Authentication
See Script Authentication Using Tokens for creating a token to use in the script examples below.
Searching Secrets
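# Searches secrets twice with the same filter: once through /secrets (full
# summary records) and once through /secrets/lookup (id/value pairs).
try
{
    $api = "<Secret Server URL>/api/v1"
    # Placeholder only: supply the token at run time instead of saving a real one in the script.
    $token = "<TOKEN>"
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization", "Bearer $token")

    # Escape the search text so characters such as spaces, '&' or '#' cannot
    # break the query string or add extra filter parameters.
    $searchText = "< mySearchText >"
    $filters = "?filter.includeRestricted=true&filter.searchtext=" + [uri]::EscapeDataString($searchText)
    # Further filters can be appended in the same way, for example
    # filter.searchfield=username or filter.includeinactive=true.

    Write-Host "------------------------------"
    Write-Host "----- Secret Search Values -----"
    Write-Host "------------------------------"
    $result = Invoke-RestMethod "$api/secrets$filters" -Headers $headers
    Write-Host $result.filter.searchField
    Write-Host $result.total
    foreach($secret1 in $result.records)
    {
        Write-Host $secret1.id" - "$secret1.name" - "$secret1.folderId - $secret1.lastHeartBeatStatus
    }

    Write-Host "------------------------------"
    Write-Host "----- Secret Lookup Values -----"
    Write-Host "------------------------------"
    $result = Invoke-RestMethod "$api/secrets/lookup$filters" -Headers $headers
    Write-Host $result.filter.searchField
    Write-Host $result.total
    foreach($secret in $result.records)
    {
        Write-Host $secret.id" - "$secret.value
    }
    Write-Host "------------------------------"
}
catch [System.Net.WebException]
{
    Write-Host "----- Exception -----"
    Write-Host $_.Exception
    # NOTE(review): Response is $null when no HTTP response was received
    # (for example a connection failure); the reads below assume one exists.
    Write-Host $_.Exception.Response.StatusCode
    Write-Host $_.Exception.Response.StatusDescription
    # Re-read the error body from the start and parse it as JSON.
    $result = $_.Exception.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($result)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    $responseBody = $reader.ReadToEnd() | ConvertFrom-Json
    Write-Host $responseBody.errorCode " - " $responseBody.message
    foreach($modelState in $responseBody.modelState)
    {
        $modelState
    }
}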
Creating a Secret
# Creates a secret: fetch a template-shaped stub, fill it in, POST it back.
try
{
    $api = "<Secret Server URL>/api/v1"
    # Placeholder only: supply the token at run time instead of saving a real one in the script.
    $token = "<TOKEN>"
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization", "Bearer $token")

    # Step 1: ask the server for an empty secret shaped by the template.
    $templateId = <Your Secret Template ID>
    $secret = Invoke-RestMethod $api"/secrets/stub?filter.secrettemplateid=$templateId" -Headers $headers

    # Step 2: fill in the top-level properties of the stub.
    $secret.name = <Your Secret Name>
    $secret.secretTemplateId = $templateId
    $secret.AutoChangeEnabled = $false
    $secret.autoChangeNextPassword = <Next Password Value>
    $secret.SiteId = <Your Site ID>
    $secret.folderId = <Your Folder ID>

    # Step 3: set the template fields by name; other fields keep their stub value.
    foreach($field in $secret.items)
    {
        switch ($field.fieldName)
        {
            "Domain"   { $field.itemValue = <Your Domain> }
            "Username" { $field.itemValue = <Username> }
            "Password" { $field.itemValue = <Password> }
        }
    }
    $secretArgs = $secret | ConvertTo-Json

    # Step 4: create the secret and show what the server returned.
    Write-Host ""
    Write-Host "-----Create secret -----"
    $secret = Invoke-RestMethod $api"/secrets/" -Method Post -Body $secretArgs -Headers $headers -ContentType "application/json"
    # NOTE(review): this prints the whole returned secret as JSON; presumably that
    # includes the field values set above, so confirm before running under a transcript or in CI logs.
    $createdJson = $secret | ConvertTo-Json
    Write-Host $createdJson
    Write-Host $secret.id
}
catch [System.Net.WebException]
{
    $failure = $_.Exception
    Write-Host "----- Exception -----"
    Write-Host $failure
    Write-Host $failure.Response.StatusCode
    Write-Host $failure.Response.StatusDescription
    # Rewind the response stream and print the raw error body.
    $bodyReader = New-Object System.IO.StreamReader($failure.Response.GetResponseStream())
    $bodyReader.BaseStream.Position = 0
    $bodyReader.DiscardBufferedData()
    $errorText = $bodyReader.ReadToEnd()
    Write-Host $errorText
}
Editing a Secret
# Edits a secret: GET the current secret, change a property, PUT it back.
try
{
    $api = "<Secret Server URL>/api/v1"
    # Placeholder only: supply the token at run time instead of saving a real one in the script.
    $token = "<TOKEN>"
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization", "Bearer $token")

    # Read the secret as it currently exists.
    $secretId = <Secret ID>
    $secret = Invoke-RestMethod $api"/secrets/$secretId/" -Headers $headers

    # Change one property. Example only; the editable fields are listed at
    # https://<Your URL>/RestApiDocs.ashx?doc=token-help#tag/Secrets/operation/SecretsService_UpdateSecret
    $secret.RequiresComment = $true
    $secretArgs = $secret | ConvertTo-Json

    # Send the modified secret back and print the server's response as JSON.
    Write-Host ""
    Write-Host "-----Update secret -----"
    $secret = Invoke-RestMethod $api"/secrets/$secretId" -Method Put -Body $secretArgs -Headers $headers -ContentType "application/json"
    # NOTE(review): the full returned secret is written to the console; confirm
    # that is acceptable where console output is logged.
    $secretUpdate = $secret | ConvertTo-Json
    Write-Host $secretUpdate
}
catch [System.Net.WebException]
{
    $failure = $_.Exception
    Write-Host "----- Exception -----"
    Write-Host $failure
    Write-Host $failure.Response.StatusCode
    Write-Host $failure.Response.StatusDescription
    # Rewind the response stream and print the raw error body.
    $bodyReader = New-Object System.IO.StreamReader($failure.Response.GetResponseStream())
    $bodyReader.BaseStream.Position = 0
    $bodyReader.DiscardBufferedData()
    $errorText = $bodyReader.ReadToEnd()
    Write-Host $errorText
}
Checking in a Secret
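# Checks a secret back in by POSTing to /secrets/{id}/check-in.
try
{
    $api = "<Secret Server URL>/api/v1"
    # Placeholder only: supply the token at run time instead of saving a real one in the script.
    $token = "<TOKEN>"
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization", "Bearer $token")

    $secretId = <Your Secret ID>
    # No -Body here: the original passed $secretArgs, which this script never
    # assigns. Run on its own that sent no body; run in a session that had
    # already executed the create/edit example it would have posted that
    # example's full secret JSON to this endpoint.
    $secret = Invoke-RestMethod $api"/secrets/$secretId/check-in" -Method Post -Headers $headers -ContentType "application/json"
}
catch [System.Net.WebException]
{
    Write-Host "----- Exception -----"
    Write-Host $_.Exception
    # NOTE(review): Response is $null when no HTTP response was received
    # (for example a connection failure); the reads below assume one exists.
    Write-Host $_.Exception.Response.StatusCode
    Write-Host $_.Exception.Response.StatusDescription
    # Rewind the response stream and print the raw error body.
    $result = $_.Exception.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($result)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    $responseBody = $reader.ReadToEnd()
    Write-Host $responseBody
}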
Deleting a Secret
# Deletes a secret by id and prints the model the server returns.
try
{
    $api = "<URL>/api/v1"
    # Placeholder only: supply the token at run time instead of saving a real one in the script.
    $token = "<TOKEN>"
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization", "Bearer $token")

    $secretId = <Your Secret ID>

    Write-Host "----- Delete a Secret -----"
    $deletemodel = Invoke-RestMethod "$api/secrets/$secretId" -Headers $headers -Method DELETE -ContentType "application/json"
    Write-Host $deletemodel
}
catch [System.Net.WebException]
{
    $failure = $_.Exception
    Write-Host "----- Exception -----"
    Write-Host $failure
    Write-Host $failure.Response.StatusCode
    Write-Host $failure.Response.StatusDescription
    # Rewind the response stream and parse the JSON error body.
    $bodyReader = New-Object System.IO.StreamReader($failure.Response.GetResponseStream())
    $bodyReader.BaseStream.Position = 0
    $bodyReader.DiscardBufferedData()
    $errorBody = $bodyReader.ReadToEnd() | ConvertFrom-Json
    Write-Host $errorBody.errorCode " - " $errorBody.message
    # Emit each validation entry to the output stream.
    foreach($entry in $errorBody.modelState)
    {
        $entry
    }
}
Creating a User
# Creates a user by POSTing a JSON model to /users and prints the new id.
try
{
    $api = "<Secret Server URL>/api/v1"
    # Placeholder only: supply the token at run time instead of saving a real one in the script.
    $token = "<TOKEN>"
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization", "Bearer $token")

    Write-Host ""
    Write-Host "----- Create a User -----"

    # Build the user model first, then serialise it.
    # More fields available at https://<Your URL>/RestApiDocs.ashx?doc=token-help#tag/Users/operation/UsersService_CreateUser
    $newUser = @{
        userName = <Username>
        # The initial password is a credential: pass it in at run time rather than storing it in the file.
        password = <Password>
        DisplayName = <Display Name>
        enabled = $true #Not required. Default is false.
    }
    $userCreateArgs = $newUser | ConvertTo-Json

    $user = Invoke-RestMethod "$api/users" -Headers $headers -Method Post -ContentType "application/json" -Body $userCreateArgs
    Write-Host "New User ID : " $user.id
}
catch
{
    $failure = $_.Exception
    # The banner goes to the debug stream, so it is only visible with -Debug / $DebugPreference.
    Write-Debug "----- Exception -----"
    Write-Host $failure.Response.StatusCode
    Write-Host $failure.Response.StatusDescription
    # Rewind the response stream and parse the JSON error body.
    $bodyReader = New-Object System.IO.StreamReader($failure.Response.GetResponseStream())
    $bodyReader.BaseStream.Position = 0
    $bodyReader.DiscardBufferedData()
    $errorBody = $bodyReader.ReadToEnd() | ConvertFrom-Json
    Write-Host $errorBody.errorCode " - " $errorBody.message
    foreach($entry in $errorBody.modelState)
    {
        $entry
    }
}
Update Secret Field
# Updates a single field of a secret with PUT /secrets/{id}/fields/{field}.
try
{
    $api = "<Secret Server URL>/api/v1"
    # Placeholder only: supply the token at run time instead of saving a real one in the script.
    $token = "<TOKEN>"
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization", "Bearer $token")

    # Which secret and which field to change.
    $secretId = <Your Secret ID>
    $fieldToUpdate = <Field to Update>
    $endpoint = "$api/secrets/$secretId/fields/$fieldToUpdate"

    # The request body carries only the new value.
    $fieldChange = @{
        value = <New Value>
    }
    $body = $fieldChange | ConvertTo-Json

    Write-Output $endpoint
    Write-Output ----------------------------------------------------------------------------------------------------
    Write-Output ----------------------------------------------------------------------------------------------------
    Write-Output "Updating Field $fieldToUpdate"

    $response = Invoke-RestMethod -Method Put -Uri $endpoint -Headers $headers -ContentType "application/json" -Body $body
    # NOTE(review): the response is echoed as-is; if it carries the field value,
    # a password update would show up in console output. Confirm before logging.
    Write-Output $response
}
catch
{
    $failure = $_.Exception
    # The banner goes to the debug stream, so it is only visible with -Debug / $DebugPreference.
    Write-Debug "----- Exception -----"
    Write-Host $failure.Response.StatusCode
    Write-Host $failure.Response.StatusDescription
    # Rewind the response stream and parse the JSON error body.
    $bodyReader = New-Object System.IO.StreamReader($failure.Response.GetResponseStream())
    $bodyReader.BaseStream.Position = 0
    $bodyReader.DiscardBufferedData()
    $errorBody = $bodyReader.ReadToEnd() | ConvertFrom-Json
    Write-Host $errorBody.errorCode " - " $errorBody.message
    foreach($entry in $errorBody.modelState)
    {
        $entry
    }
}
Get Secret Field Value
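# Reads a single field of a secret with GET /secrets/{id}/fields/{field}.
try
{
    $api = "<Secret Server URL>/api/v1"
    # Placeholder only: supply the token at run time instead of saving a real one in the script.
    $token = "<TOKEN>"
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization", "Bearer $token")

    #Secret ID and Field to test against
    $secretId = <Your Secret ID>
    $field = <Field name>
    $endpoint ="$api/secrets/$secretId/fields/$field"

    $response = $null
    $response = Invoke-RestMethod -Method Get -Uri $endpoint -Headers $headers
    # The response is the field's value; for a password field this writes the
    # password to the output stream, so avoid running it where output is logged.
    echo $response;
}
catch [System.Net.WebException]
{
    Write-Host "----- Exception -----"
    Write-Host $_.Exception
    # NOTE(review): Response is $null when no HTTP response was received
    # (for example a connection failure); the reads below assume one exists.
    Write-Host $_.Exception.Response.StatusCode
    Write-Host $_.Exception.Response.StatusDescription
    $result = $_.Exception.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($result)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    # Parse the JSON error body; read as a plain string, .errorCode and
    # .message do not exist and the line below prints only " - ".
    $responseBody = $reader.ReadToEnd() | ConvertFrom-Json
    Write-Host $responseBody.errorCode " - " $responseBody.message
    foreach($modelState in $responseBody.modelState)
    {
        $modelState
    }
}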
Upload File to Secret
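# Uploads a file into a file field of a secret with PUT /secrets/{id}/fields/{field}.
try
{
    $api = "<Secret Server URL>/api/v1"
    # Placeholder only: supply the token at run time instead of saving a real one in the script.
    $token = "<TOKEN>"
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization", "Bearer $token")

    #Secret ID and File to upload
    $fileSecretId = <Your Secret ID>
    $fileFieldToUpdate = <Field Name to Store File>

    echo ----------------------------------------------------------------------------------------------------
    echo "Uploading file from $fileFieldToUpdate"
    $endpoint ="$api/secrets/$fileSecretId/fields/$fileFieldToUpdate"
    echo $endpoint

    # The whole file is read into memory and serialised into the JSON body.
    $secretArgs = @{
        fileName = <File Name>
        fileAttachment = [IO.File]::ReadAllBytes(<File Path>)
    } | ConvertTo-Json

    $response = $null
    $response = Invoke-RestMethod -Method Put -Uri $endpoint -Headers $headers -Body $secretArgs -ContentType "application/json"
    echo $response
}
catch [System.Net.WebException]
{
    Write-Host "----- Exception -----"
    Write-Host $_.Exception
    # NOTE(review): Response is $null when no HTTP response was received
    # (for example a connection failure); the reads below assume one exists.
    Write-Host $_.Exception.Response.StatusCode
    Write-Host $_.Exception.Response.StatusDescription
    $result = $_.Exception.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($result)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    # Parse the JSON error body; read as a plain string, .errorCode and
    # .message do not exist and the line below prints only " - ".
    $responseBody = $reader.ReadToEnd() | ConvertFrom-Json
    Write-Host $responseBody.errorCode " - " $responseBody.message
    foreach($modelState in $responseBody.modelState)
    {
        $modelState
    }
}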
Download File From Secret
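# Downloads the file stored in a secret's file field and saves it to disk.
try
{
    $api = "<Secret Server URL>/api/v1"
    # Placeholder only: supply the token at run time instead of saving a real one in the script.
    $token = "<TOKEN>"
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization", "Bearer $token")

    #Secret ID and File to download
    $fileSecretId = <Your Secret ID>
    $fileFieldToUpdate = <Field Name Storing File>
    # The saved file is secret material (for example a key or certificate):
    # choose a location whose permissions are restricted to the intended user.
    $downloadPath = <Your Download path, including file name being downloaded>

    echo "Downloading file from $fileFieldToUpdate"
    $endpoint ="$api/secrets/$fileSecretId/fields/$fileFieldToUpdate"
    echo $endpoint

    # With -OutFile the cmdlet writes the body to disk and returns nothing, so
    # the original $response.Length / $response lines always printed blanks.
    Invoke-RestMethod -Method Get -Uri $endpoint -Headers $headers -OutFile $downloadPath
    # Report the size of what was actually saved.
    Write-Host (Get-Item -LiteralPath $downloadPath).Length
}
catch [System.Net.WebException]
{
    Write-Host "----- Exception -----"
    Write-Host $_.Exception
    # NOTE(review): Response is $null when no HTTP response was received
    # (for example a connection failure); the reads below assume one exists.
    Write-Host $_.Exception.Response.StatusCode
    Write-Host $_.Exception.Response.StatusDescription
    $result = $_.Exception.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($result)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    # Parse the JSON error body; read as a plain string, .errorCode and
    # .message do not exist and the line below prints only " - ".
    $responseBody = $reader.ReadToEnd() | ConvertFrom-Json
    Write-Host $responseBody.errorCode " - " $responseBody.message
    foreach($modelState in $responseBody.modelState)
    {
        $modelState
    }
}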
Expiring a Token
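# Expires the current token, then makes one more call with it to show that
# the server now rejects it.
try
{
    $api = "<Secret Server URL>/api/v1"
    # Placeholder only: supply the token at run time instead of saving a real one in the script.
    $token = "<TOKEN>"
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization", "Bearer $token")

    # (Removed a loop over $pagedUsers.records: $pagedUsers is never assigned
    # in this script, so the loop only printed stale data from an earlier
    # session, or nothing.)

    # expire token
    Write-Host ""
    Write-Host "----- Expire Token -----"
    $expireToken = Invoke-RestMethod "$api/oauth-expiration" -Headers $headers -Method Post

    # This part should fail with a 403 Forbidden; the failure is reported by
    # the catch block below. If this call succeeds, the token was not revoked.
    Write-Host ""
    Write-Host "----- Expect an error -----"
    $secrets = Invoke-RestMethod "$api/secrets" -Headers $headers
}
catch
{
    # The banner goes to the debug stream, so it is only visible with -Debug / $DebugPreference.
    Write-Debug "----- Exception -----"
    # NOTE(review): Response is $null when no HTTP response was received
    # (for example a connection failure); the reads below assume one exists.
    Write-Host $_.Exception.Response.StatusCode
    Write-Host $_.Exception.Response.StatusDescription
    # Rewind the response stream and parse the JSON error body.
    $result = $_.Exception.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($result)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    $responseBody = $reader.ReadToEnd() | ConvertFrom-Json
    Write-Host $responseBody.errorCode " - " $responseBody.message
    foreach($modelState in $responseBody.modelState)
    {
        $modelState
    }
}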
Add Folder
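# Creates a top-level folder: fetch a folder stub, fill it in, POST it.
try
{
    $api = "<Secret Server URL>/api/v1"
    # Placeholder only: supply the token at run time instead of saving a real one in the script.
    $token = "<TOKEN>"
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization", "Bearer $token")

    # Get Folder Stub
    $folderStub = Invoke-RestMethod $api"/folders/stub" -Method GET -Headers $headers -ContentType "application/json"

    $folderStub.folderName = <Your Folder Name>
    $folderStub.folderTypeId = 1
    # Inheritance is switched off, so this folder does not take permissions or
    # secret policy from a parent; they have to be assigned to it explicitly.
    $folderStub.inheritPermissions = $false
    $folderStub.inheritSecretPolicy = $false

    $folderArgs = $folderStub | ConvertTo-Json

    $folderAddResult = Invoke-RestMethod $api"/folders" -Method POST -Body $folderArgs -Headers $headers -ContentType "application/json"
    $folderId = $folderAddResult.id

    if($folderId -gt 1)
    {
        echo ""
        echo "-----------------------"
        echo "--Add Folder Successful--"
        echo "-----------------------"
        echo ""
        echo $folderAddResult | ConvertTo-Json
    }
}
catch [System.Net.WebException]
{
    Write-Host "----- Exception -----"
    Write-Host $_.Exception
    # NOTE(review): Response is $null when no HTTP response was received
    # (for example a connection failure); the reads below assume one exists.
    Write-Host $_.Exception.Response.StatusCode
    Write-Host $_.Exception.Response.StatusDescription
    $result = $_.Exception.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($result)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    # Parse the JSON error body; read as a plain string, .errorCode and
    # .message do not exist and the line below prints only " - ".
    $responseBody = $reader.ReadToEnd() | ConvertFrom-Json
    Write-Host $responseBody.errorCode " - " $responseBody.message
    foreach($modelState in $responseBody.modelState)
    {
        $modelState
    }
}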
Delete Folder
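# Deletes a folder by id with DELETE /folders/{id}.
try
{
    $api = "<Secret Server URL>/api/v1"
    # Placeholder only: supply the token at run time instead of saving a real one in the script.
    $token = "<TOKEN>"
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization", "Bearer $token")

    # Get Folder Stub
    $folderStub = Invoke-RestMethod $api"/folders/stub" -Method GET -Headers $headers -ContentType "application/json"

    # This is a folder id (the original placeholder said "Secret ID"). Check it
    # carefully: the id alone decides which folder is deleted.
    $folderId = <Your Folder ID>

    # NOTE(review): an unmodified stub is sent as the DELETE body; presumably
    # the server ignores it - confirm against the API documentation.
    $folderArgs = $folderStub | ConvertTo-Json

    $folderDelete = Invoke-RestMethod $api"/folders/$folderId" -Method DELETE -Body $folderArgs -Headers $headers -ContentType "application/json"
}
catch [System.Net.WebException]
{
    Write-Host "----- Exception -----"
    Write-Host $_.Exception
    # NOTE(review): Response is $null when no HTTP response was received
    # (for example a connection failure); the reads below assume one exists.
    Write-Host $_.Exception.Response.StatusCode
    Write-Host $_.Exception.Response.StatusDescription
    $result = $_.Exception.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($result)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    # Parse the JSON error body; read as a plain string, .errorCode and
    # .message do not exist and the line below prints only " - ".
    $responseBody = $reader.ReadToEnd() | ConvertFrom-Json
    Write-Host $responseBody.errorCode " - " $responseBody.message
    foreach($modelState in $responseBody.modelState)
    {
        $modelState
    }
}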
Get Folder
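# Reads a folder by id with GET /folders/{id} and prints it as JSON.
try
{
    $api = "<Secret Server URL>/api/v1"
    # Placeholder only: supply the token at run time instead of saving a real one in the script.
    $token = "<TOKEN>"
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization", "Bearer $token")

    # Get Folder Stub (not used by the lookup below)
    $folderStub = Invoke-RestMethod $api"/folders/stub" -Method GET -Headers $headers -ContentType "application/json"

    # This is a folder id (the original placeholder said "Secret ID").
    $folderId = <Your Folder ID>

    $folderGetResult = Invoke-RestMethod $api"/folders/$folderId" -Method GET -Headers $headers -ContentType "application/json"

    # Report success only when the server returned the folder that was asked for.
    if($folderGetResult.id -eq $folderId)
    {
        echo ""
        echo "-----------------------"
        echo "--Get Folder Successful--"
        echo "-----------------------"
        echo ""
        echo $folderGetResult | ConvertTo-Json
    }
}
catch [System.Net.WebException]
{
    Write-Host "----- Exception -----"
    Write-Host $_.Exception
    # NOTE(review): Response is $null when no HTTP response was received
    # (for example a connection failure); the reads below assume one exists.
    Write-Host $_.Exception.Response.StatusCode
    Write-Host $_.Exception.Response.StatusDescription
    $result = $_.Exception.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($result)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    # Parse the JSON error body; read as a plain string, .errorCode and
    # .message do not exist and the line below prints only " - ".
    $responseBody = $reader.ReadToEnd() | ConvertFrom-Json
    Write-Host $responseBody.errorCode " - " $responseBody.message
    foreach($modelState in $responseBody.modelState)
    {
        $modelState
    }
}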
Add Child Folder
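# Creates a folder underneath an existing parent folder.
try
{
    $api = "<Secret Server URL>/api/v1"
    # Placeholder only: supply the token at run time instead of saving a real one in the script.
    $token = "<TOKEN>"
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization", "Bearer $token")

    # Get Folder Stub
    $folderStub = Invoke-RestMethod $api"/folders/stub" -Method GET -Headers $headers -ContentType "application/json"

    $folderStub.folderName = <Folder Name>
    $folderStub.folderTypeId = 1
    # Inheritance is switched off, so the child does not take permissions or
    # secret policy from the parent; they have to be assigned to it explicitly.
    $folderStub.inheritPermissions = $false
    $folderStub.inheritSecretPolicy = $false
    $folderStub.parentFolderId = <Parent Folder ID>

    $folderArgs = $folderStub | ConvertTo-Json

    $folderChildAddResult = Invoke-RestMethod $api"/folders" -Method POST -Body $folderArgs -Headers $headers -ContentType "application/json"
    $childfolderId = $folderChildAddResult.id

    if($childfolderId -gt 1)
    {
        echo ""
        echo "-----------------------"
        echo "--Add Child Folder Successful--"
        echo "-----------------------"
        echo ""
        echo $folderChildAddResult | ConvertTo-Json
    }
}
catch [System.Net.WebException]
{
    Write-Host "----- Exception -----"
    Write-Host $_.Exception
    # NOTE(review): Response is $null when no HTTP response was received
    # (for example a connection failure); the reads below assume one exists.
    Write-Host $_.Exception.Response.StatusCode
    Write-Host $_.Exception.Response.StatusDescription
    $result = $_.Exception.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($result)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    # Parse the JSON error body; read as a plain string, .errorCode and
    # .message do not exist and the line below prints only " - ".
    $responseBody = $reader.ReadToEnd() | ConvertFrom-Json
    Write-Host $responseBody.errorCode " - " $responseBody.message
    foreach($modelState in $responseBody.modelState)
    {
        $modelState
    }
}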
Update Folder
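# Updates a folder: fill a stub with the target id and new name, then PUT it.
try
{
    $api = "<Secret Server URL>/api/v1"
    # Placeholder only: supply the token at run time instead of saving a real one in the script.
    $token = "<TOKEN>"
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization", "Bearer $token")

    # Get Folder Stub
    $folderStub = Invoke-RestMethod "$api/folders/stub" -Method GET -Headers $headers -ContentType "application/json"

    $folderId = <Folder ID of folder to update>

    # NOTE(review): the body is built from a blank stub, not from the folder's
    # current state, so properties not set here go to the server with their
    # stub values - confirm that does not reset inheritance settings.
    $folderStub.folderName = <Folder Name>
    $folderStub.folderTypeId = 1
    $folderStub.id = $folderId

    $folderUpdateArgs = $folderStub | ConvertTo-Json

    $folderUpdateResult = Invoke-RestMethod "$api/folders/$folderId" -Method PUT -Body $folderUpdateArgs -Headers $headers -ContentType "application/json"
    Write-Host $folderUpdateResult

    # Compare on .id, the same property that is set on the stub above and that
    # the add/get folder examples read; the original tested .folderId.
    if($folderUpdateResult.id -eq $folderId)
    {
        echo ""
        echo "-----------------------"
        echo "--Update Folder Successful--"
        echo "-----------------------"
        echo ""
        # The original echoed $childFolderUpdateResult, which is never assigned.
        echo $folderUpdateResult | ConvertTo-Json
    }
}
catch [System.Net.WebException]
{
    Write-Host "----- Exception -----"
    Write-Host $_.Exception
    # NOTE(review): Response is $null when no HTTP response was received
    # (for example a connection failure); the reads below assume one exists.
    Write-Host $_.Exception.Response.StatusCode
    Write-Host $_.Exception.Response.StatusDescription
    $result = $_.Exception.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($result)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    # Parse the JSON error body; read as a plain string, .errorCode and
    # .message do not exist and the line below prints only " - ".
    $responseBody = $reader.ReadToEnd() | ConvertFrom-Json
    Write-Host $responseBody.errorCode " - " $responseBody.message
    foreach($modelState in $responseBody.modelState)
    {
        $modelState
    }
}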
Search Folders
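# Searches folders by text and checks that the first hit has the expected name.
try
{
    $api = "<Secret Server URL>/api/v1"
    # Placeholder only: supply the token at run time instead of saving a real one in the script.
    $token = "<TOKEN>"
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization", "Bearer $token")

    # Get Folder Stub (not used by the search below)
    $folderStub = Invoke-RestMethod $api"/folders/stub" -Method GET -Headers $headers -ContentType "application/json"

    $searchFilter ="?filter.searchText=<Search Text>"

    $searchResults = Invoke-RestMethod $api"/folders$searchFilter" -Method GET -Headers $headers -ContentType "application/json"
    # Only the first record is inspected.
    $folder = $searchResults.records[0]

    echo $searchResults
    echo $folder

    $name = <Folder Name>
    if($searchResults.total -gt 0 -and $folder.folderName -eq $name)
    {
        echo ""
        echo "------------------------------"
        echo "--Search Folder Successful--"
        echo "------------------------------"
        echo ""
        # The original echoed $group, which is never assigned in this script.
        echo $folder
    }
    else
    {
        Write-Error "ERROR: Failed to Search Folders."
        return
    }
}
catch [System.Net.WebException]
{
    Write-Host "----- Exception -----"
    Write-Host $_.Exception
    # NOTE(review): Response is $null when no HTTP response was received
    # (for example a connection failure); the reads below assume one exists.
    Write-Host $_.Exception.Response.StatusCode
    Write-Host $_.Exception.Response.StatusDescription
    $result = $_.Exception.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($result)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    # Parse the JSON error body; read as a plain string, .errorCode and
    # .message do not exist and the line below prints only " - ".
    $responseBody = $reader.ReadToEnd() | ConvertFrom-Json
    Write-Host $responseBody.errorCode " - " $responseBody.message
    foreach($modelState in $responseBody.modelState)
    {
        $modelState
    }
}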
Lookup Folders
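# Looks folders up by text (id/value pairs) and checks the first hit's value.
try
{
    $api = "<Secret Server URL>/api/v1"
    # Placeholder only: supply the token at run time instead of saving a real one in the script.
    $token = "<TOKEN>"
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization", "Bearer $token")

    # Get Folder Stub (not used by the lookup below)
    $folderStub = Invoke-RestMethod $api"/folders/stub" -Method GET -Headers $headers -ContentType "application/json"

    $lookupFilter = "?filter.searchText=<Search Text>"

    $lookupResults = Invoke-RestMethod $api"/folders/lookup$lookupFilter" -Method GET -Headers $headers -ContentType "application/json"
    # Only the first record is inspected.
    $folder = $lookupResults.records[0]

    echo $lookupResults
    echo $folder

    # The original tested $searchResults.total and $name, neither of which this
    # script assigns, so the outcome depended on variables left over from the
    # folder search example. Both are now taken from this script.
    $name = <Folder Name>
    if($lookupResults.total -gt 0 -and $folder.value -eq $name)
    {
        echo ""
        echo "------------------------------"
        echo "--Lookup Folder Successful--"
        echo "------------------------------"
        echo ""
        echo $folder
    }
    else
    {
        Write-Error "ERROR: Failed to Lookup Folders."
        return
    }
}
catch [System.Net.WebException]
{
    Write-Host "----- Exception -----"
    Write-Host $_.Exception
    # NOTE(review): Response is $null when no HTTP response was received
    # (for example a connection failure); the reads below assume one exists.
    Write-Host $_.Exception.Response.StatusCode
    Write-Host $_.Exception.Response.StatusDescription
    $result = $_.Exception.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($result)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    # Parse the JSON error body; read as a plain string, .errorCode and
    # .message do not exist and the line below prints only " - ".
    $responseBody = $reader.ReadToEnd() | ConvertFrom-Json
    Write-Host $responseBody.errorCode " - " $responseBody.message
    foreach($modelState in $responseBody.modelState)
    {
        $modelState
    }
}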
Add Folder Permissions
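# Grants a user or group access to a folder via POST /folder-permissions.
try
{
    $api = "<Secret Server URL>/api/v1"
    # Placeholder only: supply the token at run time instead of saving a real one in the script.
    $token = "<TOKEN>"
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization", "Bearer $token")

    # Get Folder Stub (not used by the permission request below)
    $folderStub = Invoke-RestMethod "$api/folders/stub" -Method GET -Headers $headers -ContentType "application/json"

    $folderId = <Your Folder ID>

    # Start from a permission stub for this folder, then name the grantee and roles.
    $folderPermissionCreateArgs = Invoke-RestMethod $api"/folder-permissions/stub?filter.folderId=$folderId" -Method GET -Headers $headers -ContentType "application/json"
    $folderPermissionCreateArgs.GroupId = <Group ID. $null if assigning by user.>
    $folderPermissionCreateArgs.UserId = <User ID. $null if assigning by group.>
    # Two separate roles are granted: one on the folder itself and one on the
    # secrets inside it. Pick the lowest role that covers the need for each.
    $folderPermissionCreateArgs.FolderAccessRoleName = <Role Name>
    $folderPermissionCreateArgs.SecretAccessRoleName = <Role Name>

    $permissionArgs = $folderPermissionCreateArgs | ConvertTo-Json

    $permissionResults = Invoke-RestMethod "$api/folder-permissions" -Method POST -Headers $headers -Body $permissionArgs -ContentType "application/json"
    if($permissionResults.FolderId -eq $folderId)
    {
        echo ""
        echo "-------------------------------------"
        echo "--Add Folder Permissions Successful--"
        echo "-------------------------------------"
        echo ""
        echo $permissionResults
    }
    else
    {
        Write-Error "ERROR: Failed to Add Folder Permissions."
        return
    }

    # Keep the id of the new permission; it is what a later delete call needs.
    $folderPermissionId = $permissionResults.id
}
catch [System.Net.WebException]
{
    Write-Host "----- Exception -----"
    Write-Host $_.Exception
    # NOTE(review): Response is $null when no HTTP response was received
    # (for example a connection failure); the reads below assume one exists.
    Write-Host $_.Exception.Response.StatusCode
    Write-Host $_.Exception.Response.StatusDescription
    $result = $_.Exception.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($result)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    # Parse the JSON error body; read as a plain string, .errorCode and
    # .message do not exist and the line below prints only " - ".
    $responseBody = $reader.ReadToEnd() | ConvertFrom-Json
    Write-Host $responseBody.errorCode " - " $responseBody.message
    foreach($modelState in $responseBody.modelState)
    {
        $modelState
    }
}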
Delete Folder Permissions
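# Removes a user's permission on a folder via DELETE /folder-permissions/{id}.
try
{
    $api = "<Secret Server URL>/api/v1"
    # Placeholder only: supply the token at run time instead of saving a real one in the script.
    $token = "<TOKEN>"
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization", "Bearer $token")

    $folderId = <Folder ID of folder being modified>
    $userId = <User ID of the user being removed from folder>

    # Read the folder (the result is not used by the calls below).
    $folderStub = Invoke-RestMethod "$api/folders/$folderId" -Method GET -Headers $headers -ContentType "application/json"

    # NOTE(review): the whole response of this GET is stored as the permission
    # id and then interpolated into the DELETE URL. That only targets the right
    # permission if the response is a bare id; if it is an object or a paged
    # list, the id has to be picked out of it first - confirm the response
    # shape, and that the revocation really happened, before relying on this.
    $folderPermissionId = Invoke-RestMethod "$api/folder-permissions/$folderId/?filter.userId=$userId" -Method GET -Headers $headers -ContentType "application/json"

    $permissionDeleteResult = Invoke-RestMethod "$api/folder-permissions/$folderPermissionId" -Method DELETE -Headers $headers -ContentType "application/json"
    if($permissionDeleteResult.id -eq $folderPermissionId)
    {
        echo ""
        echo "----------------------------------------"
        echo "--Remove Folder Permissions Successful--"
        echo "----------------------------------------"
        echo ""
    }
    else
    {
        Write-Error "ERROR: Failed to Remove Folder Permissions."
        return
    }
}
catch [System.Net.WebException]
{
    Write-Host "----- Exception -----"
    Write-Host $_.Exception
    # NOTE(review): Response is $null when no HTTP response was received
    # (for example a connection failure); the reads below assume one exists.
    Write-Host $_.Exception.Response.StatusCode
    Write-Host $_.Exception.Response.StatusDescription
    $result = $_.Exception.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($result)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    # Parse the JSON error body; read as a plain string, .errorCode and
    # .message do not exist and the line below prints only " - ".
    $responseBody = $reader.ReadToEnd() | ConvertFrom-Json
    Write-Host $responseBody.errorCode " - " $responseBody.message
    foreach($modelState in $responseBody.modelState)
    {
        $modelState
    }
}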