Accessing Secret Server programmatically - Curl

Curl is a command-line tool for transferring data with URL syntax.  The download wizard for the executable can be found here.

When using Secret Server's Web Services, it is important to keep a few items in mind.
1) When using the http://your-secret-server-url/webservices/sswebservice.asmx web service, a call must be made to Authenticate first. The token returned by this method is required by all the other methods.
2) When using the http://your-secret-server-url/winauthwebservices/sswinauthwebservice.asmx web service, the user making the call must be NTLM authenticated and must exist as an enabled user in Secret Server.

Using Curl with the first method:

STEP 1:
curl -v -H "Content-Type: application/x-www-form-urlencoded" -d "username={NAME}&password={PASSWORD}&organization=&domain=" --url "http://your-secret-server-url/webservices/sswebservice.asmx/Authenticate"

This returns the token in the form below:
<?xml version="1.0" encoding="utf-8"?>
<AuthenticateResult xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:
xsd="http://www.w3.org/2001/XMLSchema" xmlns="urn:thesecretserver.com">
  <Errors />
  <Token>{TOKEN}</Token>
</AuthenticateResult>


STEP 2:
curl -v -H "Content-Type: application/x-www-form-urlencoded" -d "secretId={SECRET ID}&token={TOKEN}" --url "http://your-secret-server-url/webservices/sswebservice.asmx/GetSecret"

This returns the requested Secret in XML form similar to the following:
<?xml version="1.0" encoding="utf-8"?>
<GetSecretResult xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd
="http://www.w3.org/2001/XMLSchema" xmlns="urn:thesecretserver.com">
  <Errors />
  <Secret>
    <Name>{SECRET NAME}</Name>
    <Items>
      <SecretItem>
        <Value>ABCDEF</Value>
        <Id>1</Id>
        <FieldId>1</FieldId>
        <FieldName>FullName</FieldName>
        <IsFile>false</IsFile>
        <IsNotes>false</IsNotes>
        <IsPassword>false</IsPassword>
        <FieldDisplayName>Full Name</FieldDisplayName>
      </SecretItem>
      {MORE SECRET ITEMS HERE...}
    </Items>
    <Id>1</Id>
    <SecretTypeId>1</SecretTypeId>
    <FolderId>1</FolderId>
    <IsWebLauncher>false</IsWebLauncher>
  </Secret>
</GetSecretResult>

Using Curl with the second method (the credentials passed in must be a domain user that is enabled within Secret Server):

curl --ntlm --url "http://your-secret-server-url/winauthwebservices/sswinauthwebservice.asmx/GetSecret?secretId={SECRET ID}" --user "{USER}:{PASSWORD}"

This returns the Secret in the same XML format displayed above.

Article ID: 181, Created On: 10/5/2011, Modified: 3/27/2013