PowerShell Add/Update Secret Example

Here is an example of a PowerShell script that adds an Active Directory secret. Note that you will need PowerShell 2.0 (not the default 1.0) installed to run the script. Replace the relevant parameters with your own values:

#Helper Function
function GetFieldId($template, [string]$name) {
    Return ($template.Fields | Where {$_.DisplayName -eq $name}).Id
}

function CreateNewSecret {
    param($accountUserName)

    #fill in username, password, and baseUrl for your Secret Server.
    $username = 'enter username'
    $password = 'enter password'
    $domain = ''
    $baseUrl = 'http:// enter the URL to secret server with and page name'
    $url = $baseUrl + '/webservices/SSWebService.asmx'
    $proxy = New-WebServiceProxy -uri $url -UseDefaultCredential 
    $tokenResult = $proxy.Authenticate($username, $password, '', $domain)
    if($tokenResult.Errors.Count -gt 0)
    {
        $msg = "Authentication Error: " +  $tokenResult.Errors[0]
        echo $msg
        Return
    }
    $token = $tokenResult.Token
    $templateName = "RPC - Active Directory Account"
    $template = $proxy.GetSecretTemplates($token).SecretTemplates | Where {$_.Name -eq $templateName}
    if($template.id -eq $null)
    {
        $msg = "Error: Unable to find Secret Template " +  $templateName
        echo $msg
        Return
    }
    #enter the domain for the AD account you are creating
    $domain = "MyDomain"
    if( $accountUserName -eq $null)
    {
        $accountUserName = "New User"
    }
    $msg = "Creating Active Directory Account: " + $domain + "\" + $accountUserName;
    echo $msg
    
    #Password is set to null so will generate a new one based on settings on template
    $newPass = $null
    if($newPass -eq $null)
    {
        echo "Generating New Password for account"
        $secretFieldIdForPassword = (GetFieldId $template "Password")
        $newPass = $proxy.GeneratePassword($token, $secretFieldIdForPassword).GeneratedPassword
    }

    $secretName = $domain + "\" + $accountUserName
    $secretItemFields = ((GetFieldId $template "Domain"), (GetFieldId $template "Username"), (GetFieldId $template "Password"), (GetFieldId $template "Notes"))
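    #use the account name passed in; $UserName is the same variable as $username (the Secret Server login), because PowerShell variable names are case-insensitive
    $secretItemValues=($domain,$accountUserName,$newPass, "")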
    $folderId = -1;
        
    $addResult = $proxy.AddSecret($token, $template.Id, $secretName, $secretItemFields, $secretItemValues, $folderId)
    if($addResult.Errors.Count -gt 0)
    {
        $msg = "Add Secret Error: " +  $addResult.Errors[0]
        echo $msg
        Return
    }
    else
    {
        $msg = "Successfully added Secret: " +  $addResult.Secret.Name + " (Secret Id:" + $addResult.Secret.Id + ")"
        echo $msg
        Return
    }
}

CreateNewSecret 'testuser'



Update Secret:

$username = 'username'
$password = 'password'
$domain = ''
$url = 'http://SECRETSERVERURL/webservices/sswebservice.asmx'
$proxy = New-WebServiceProxy -uri $url -UseDefaultCredential 
$token = $proxy.Authenticate($username, $password, '', $domain).Token
$secret = $proxy.GetSecret($token, 1, $false, $null)
$secret.Secret.Items[0].value = 'NewValue'
$update = $proxy.UpdateSecret($token,$secret.Secret)
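
The update script above selects the field by position (Items[0]), keeps the login in the file and checks no result for errors. The following is an added example, not part of the original article or the vendor's code, that selects the field by name, prompts for the login, requires an https URL and checks each result. The FieldName property and the Errors arrays on the GetSecret and UpdateSecret results are assumptions, and the sample secret is constructed so the lookup can be run offline.

```powershell
# Added example. Assumed (not shown on the page): the SecretItem property
# FieldName, and an Errors array on the GetSecret and UpdateSecret results
# like the one the Authenticate and AddSecret results carry.

function Assert-HttpsUrl([string]$url) {
    # Refuse to send the password or token over plain HTTP.
    $uri = New-Object System.Uri($url)
    if ($uri.Scheme -ne 'https') { throw "Refusing non-HTTPS URL: $url" }
    return $uri.AbsoluteUri
}

function Set-SecretField($secret, [string]$fieldName, [string]$value) {
    # Select the item by field name; Items[0] depends on template field order.
    $item = @($secret.Items | Where-Object { $_.FieldName -eq $fieldName })
    if ($item.Count -ne 1) { throw "Expected one '$fieldName' field, found $($item.Count)" }
    $item[0].Value = $value
}

function Update-SecretField([string]$url, [int]$secretId, [string]$fieldName, [string]$value) {
    $proxy = New-WebServiceProxy -Uri (Assert-HttpsUrl $url) -UseDefaultCredential
    # Prompt for the login instead of storing it in the script file.
    $cred = (Get-Credential).GetNetworkCredential()
    $auth = $proxy.Authenticate($cred.UserName, $cred.Password, '', $cred.Domain)
    if ($auth.Errors.Count -gt 0) { throw "Authentication Error: $($auth.Errors[0])" }
    $result = $proxy.GetSecret($auth.Token, $secretId, $false, $null)
    if ($result.Errors.Count -gt 0) { throw "Get Secret Error: $($result.Errors[0])" }
    Set-SecretField $result.Secret $fieldName $value
    $update = $proxy.UpdateSecret($auth.Token, $result.Secret)
    if ($update.Errors.Count -gt 0) { throw "Update Secret Error: $($update.Errors[0])" }
}

# Constructed sample secret (no server needed) to exercise the field lookup.
function New-SampleItem($name, $value) {
    $o = New-Object PSObject
    $o | Add-Member NoteProperty FieldName $name
    $o | Add-Member NoteProperty Value $value
    return $o
}
$sample = New-Object PSObject
$sample | Add-Member NoteProperty Items @((New-SampleItem 'Domain' 'MyDomain'), (New-SampleItem 'Notes' 'old'))
Set-SecretField $sample 'Notes' 'NewValue'
$sample.Items | ForEach-Object { "{0} = {1}" -f $_.FieldName, $_.Value }

# Against a live server (placeholder URL and secret id, as in the script above):
# Update-SecretField 'https://SECRETSERVERURL/webservices/sswebservice.asmx' 1 'Notes' 'NewValue'
```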

Article ID: 167, Created On: 7/4/2011, Modified: 10/9/2013

Feedback (1)

Chris Berry

I've changed this just a bit to make this a standard password add to a custom template. Here is the code:


#Helper Function
function GetFieldId($template, [string]$name) {
    Return ($template.Fields | Where {$_.DisplayName -eq $name}).Id
}

function CreateNewSecret {
    param($accountUserName)

    #fill in username, password, and baseUrl for your Secret Server.
    $username = 'serviceaccount'
    $password = 'changeme'
    $domain = 'changeme'
    $baseUrl = 'http://mywebserver'
    $url = $baseUrl + '/webservices/SSWebService.asmx'
    $proxy = New-WebServiceProxy -uri $url -UseDefaultCredential
    $tokenResult = $proxy.Authenticate($username, $password, '', $domain)
    if($tokenResult.Errors.Count -gt 0)
    {
        $msg = "Authentication Error: " + $tokenResult.Errors[0]
        echo $msg
        Return
    }
    $token = $tokenResult.Token
    $templateName = "Custom Template name"
    $template = $proxy.GetSecretTemplates($token).SecretTemplates | Where {$_.Name -eq $templateName}
    if($template.id -eq $null)
    {
        $msg = "Error: Unable to find Secret Template " + $templateName
        echo $msg
        Return
    }

    #$domain = "domain"
    $accountUserName = "accountname"

    #Password is set to null so will generate a new one based on settings on template OR you can set it to whatever you want and just comment out the following if statement.
    $newPass = $null
    if($newPass -eq $null)
    {
        echo "Generating New Password for account"
        $secretFieldIdForPassword = (GetFieldId $template "Password")
        $newPass = $proxy.GeneratePassword($token, $secretFieldIdForPassword).GeneratedPassword
    }

    $secretname = $env:computername
    $secretItemFields = ((GetFieldId $template "Server"), (GetFieldId $template "Username"), (GetFieldId $template "Password"))
    $secretItemValues=($secretname,$accountusername,$newPass)
    $folderId = X  #change X to the correct folder ID

    $addResult = $proxy.AddSecret($token, $template.Id, $secretname,$secretItemFields, $secretItemValues, $folderId)
    if($addResult.Errors.Count -gt 0)
    {
        $msg = "Add Secret Error: " + $addResult.Errors[0]
        echo $msg
        Return
    }
    else
    {
        $msg = "Successfully added Secret: " + $addResult.Secret.Name + " (Secret Id:" + $addResult.Secret.Id + ")"
        echo $msg
        Return
    }
}

CreateNewSecret 'testuser'

11/6/2012 at 4:49 PM