Editing Custom Commands

The SSH type changers use the SSH protocol to access the machine. This type contains custom commands for password reset and can also contain commands for the verify password functionality, but most SSH type changers simply verify that a connection can be established with the username and password. The Telnet type changers use the Telnet protocol to access the machine and contain custom commands for both the password reset and the verify password functionality. The verify functionality is used in the heartbeat and to confirm that the password was changed successfully.

SSH key rotation type changers also include post-reset success and failure custom commands. These extra command sets are run after both the reset and verify functions have run and are used either to finalize the key rotation and password change (success) or to clean up after a failure. If both the reset and verify functions are successful, the post-reset success command set is run. If either the reset or the verify fails, the post-reset failure command set is run.

To edit the custom commands, click the Edit Commands button. This puts the command grids into Edit mode, where you can add, update, or delete commands to suit their purpose.

RPC-Mapped Text-Entry Fields

Prepend a $ to any text-entry field name to access that field. For example, to echo the notes value for a secret, you would use this command: echo $Notes. Commonly accessed fields include:

  • $USERNAME The username text-entry field mapped in RPC on the secret template.
  • $CURRENTPASSWORD The password text-entry field mapped in RPC on the secret template.
  • $NEWPASSWORD The next password (filled in Next Password textbox or auto-generated).
  • $PRIVATEKEY The private key text-entry field mapped in RPC on the secret template.
  • $NEWPRIVATEKEY The next private key (filled in Next Private Key text box or auto-generated).
  • $CURRENTPUBLICKEY The public key text-entry field mapped in RPC on the secret template.
  • $NEWPUBLICKEY The next public key (generated from the next private key).
  • $PASSPHRASE The passphrase text-entry field mapped in RPC on the secret template.
  • $NEWPASSPHRASE The next passphrase (filled in Next Private Key Passphrase text box or auto-generated).

Associated Reset Secrets

  • $[1]$ Adding this prefix to any text-entry field targets the associated reset secret with order 1.
  • $[1]$USERNAME The mapped username of the associated secret, identified by order. Can also reference any other property on the associated secret. Common examples include:
      • $[1]$PASSWORD
      • $[1]$CURRENTPASSWORD
      • $[1]$PRIVATE KEY
      • $[1]$PRIVATE KEY PASSPHRASE
  • $[SID:105] Adding this prefix to any text-entry field targets the associated reset secret with a secret ID of 105.
  • $[SID:105]$USERNAME The mapped username of the associated secret, identified by secret ID. Like referencing an associated secret by order, referencing by secret ID can also access any text-entry field on the secret by name.

Both the mapped text-entry fields and secret text-entry field names can be used.

Check-Result Commands

  • $$CHECKCONTAINS <text> Checks that the response from the last command contains <text>.
  • $$CHECKFOR <text> Checks that the response from the last command equals <text>.
  • $$CHECKNOTCONTAINS <text> Checks that the response from the last command does not contain <text>.

If these conditions are not met, the process fails and immediately returns a result.

If you want to exit out of the command set early without triggering a failure, echo an "OK" on the line immediately preceding the exit 0; statement. "OK" must be the only text in the response from the server for this to work.

You can test out your password reset and verify password command sets by clicking on the Test Action buttons next to the relevant sections. All communication between Secret Server and the target machine is displayed when using these test buttons.
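
The following is an added example, not part of the product or its documentation: a small Python review script that parses a command set using the field-token and check-result syntax described above and reports which secrets it targets, where password, passphrase and private-key fields are substituted into commands, and any $$ command that is not one of the three listed. The sample command set is constructed, $$CHECKEQUALS in it is a deliberately undocumented name, and both treating every $NAME as a field token and classifying sensitivity by field name are assumptions of this example.

```python
import re

# Check-result commands exactly as listed on this page.
CHECK_COMMANDS = {"$$CHECKCONTAINS", "$$CHECKFOR", "$$CHECKNOTCONTAINS"}
# Multi-word field names shown on this page; tried before the one-word fallback.
MULTI_WORD = ("PRIVATE KEY PASSPHRASE", "PRIVATE KEY")
# Optional $[N] or $[SID:N] prefix, then $FIELD.
# Assumption: every $NAME in a command line is a field token.
TOKEN = re.compile(
    r"(?:\$\[(SID:)?(\d+)\])?\$(" + "|".join(MULTI_WORD) + r"|[A-Za-z][A-Za-z0-9]*)"
)
# Assumption: a field is secret-bearing if its name contains one of these words.
SENSITIVE = ("PASSWORD", "PASSPHRASE", "PRIVATE")

def audit(command_set):
    """Report secrets targeted, secret-bearing fields per line, unknown $$ commands."""
    targets, sensitive, bad_checks = set(), [], []
    for n, line in enumerate(command_set.splitlines(), 1):
        line = line.strip()
        if line.startswith("$$"):
            # Check-result line: only validate the command name.
            cmd = line.split(None, 1)[0]
            if cmd not in CHECK_COMMANDS:
                bad_checks.append((n, cmd))
            continue
        for sid, num, field in TOKEN.findall(line):
            # No prefix means the secret being changed; otherwise order or secret ID.
            target = "self" if not num else ("sid:" if sid else "order:") + num
            targets.add(target)
            if any(word in field.upper() for word in SENSITIVE):
                sensitive.append((n, target, field))
    return {"targets": targets, "sensitive": sensitive, "bad_checks": bad_checks}

# Constructed sample command set, for illustration only.
SAMPLE = """\
echo $Notes
passwd $USERNAME
$CURRENTPASSWORD
$NEWPASSWORD
$$CHECKCONTAINS updated successfully
echo $[1]$PRIVATE KEY PASSPHRASE
echo $[SID:105]$USERNAME
$$CHECKEQUALS done
"""

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(key, value)
```

Because the Test Action buttons display all communication with the target machine, the lines listed under sensitive are the ones to review before running a test.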