Thycotic.SecretServer

0.41.0

functions/secrets/Revoke-Secret.ps1

function Revoke-Secret {
    <#
    .SYNOPSIS
    Expire a secret

    .DESCRIPTION
    Expire a secret

    .EXAMPLE
    $session = New-TssSession -SecretServer https://alpha -Credential $ssCred
    Revoke-TssSecret -TssSession $session -Id 42

    Expire Secret ID 42

    .LINK
    https://thycotic-ps.github.io/thycotic.secretserver/commands/Revoke-TssSecret

    .LINK
    https://github.com/thycotic-ps/thycotic.secretserver/blob/main/src/functions/secrets/Revoke-Secret.ps1

    .NOTES
    Requires TssSession object returned by New-TssSession
    #>
    [CmdletBinding(SupportsShouldProcess)]
    [OutputType('TssDelete')]
    param (
        # TssSession object created by New-TssSession for auth
        [Parameter(Mandatory, ValueFromPipeline, Position = 0)]
        [TssSession]
        $TssSession,

        # Secret ID
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [Alias('SecretId')]
        [int[]]
        $Id,

        # Comment to provide for restricted secret (Require Comment is enabled)
        [Parameter(ParameterSetName = 'restricted')]
        [string]
        $Comment,

        # Double lock password, provie as a secure string
        [Parameter(ParameterSetName = 'restricted')]
        [securestring]
        $DoublelockPassword,

        # Check in the secret if it is checked out
        [Parameter(ParameterSetName = 'restricted')]
        [switch]
        $ForceCheckIn,

        # Include secrets that are inactive/disabled
        [Parameter(ParameterSetName = 'restricted')]
        [switch]
        $IncludeInactive,

        # Associated ticket number (required for ticket integrations)
        [Parameter(ParameterSetName = 'restricted')]
        [string]
        $TicketNumber,

        # Associated ticket system ID (required for ticket integrations)
        [Parameter(ParameterSetName = 'restricted')]
        [int]
        $TicketSystemId
    )
    begin {
        $tssParams = $PSBoundParameters
        $invokeParams = . $GetInvokeTssParams $TssSession

        $restrictedParamSet = . $ParameterSetParams $PSCmdlet.MyInvocation.MyCommand.Name 'restricted'
        $restrictedParams = @()
        foreach ($r in $restrictedParamSet) {
            if ($tssParams.ContainsKey($r)) {
                $restrictedParams += $r
            }
        }
    }
    process {
        Write-Verbose "Provided command parameters: $(. $GetInvocation $PSCmdlet.MyInvocation)"
        if ($tssParams.ContainsKey('TssSession') -and $TssSession.IsValidSession()) {
            . $CheckVersion $TssSession '10.9.000000' $PSCmdlet.MyInvocation
            foreach ($secret in $Id) {
                $restResponse = $null
                $uri = $TssSession.ApiUrl, 'secrets', $secret, 'expire' -join '/'
                $invokeParams.Uri = $uri
                $invokeParams.Method = 'POST'

                $expireBody = @{}
                $expireBody.responseType = 'json'
                if ($restrictedParams.Count -gt 0) {
                    switch ($tssParams.Keys) {
                        'Comment' { $expireBody.Add('comment', $Comment) }
                        'IncludeInactive' { $expireBody.Add('includeInactive', [boolean]$IncludeInactive) }
                        'ForceCheckIn' { $expireBody.Add('forceCheckIn', [boolean]$ForceCheckIn) }
                        'TicketNumber' { $expireBody.Add('ticketNumber', $TicketNumber) }
                        'TicketSystemId' { $expireBody.Add('ticketSystemId', $TicketSystemId) }
                        'DoublelockPassword' {
                            $passwd = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($DoublelockPassword))
                            $expireBody.Add('doubleLockPassword', $passwd)
                        }
                    }
                }
                $invokeParams.Body = $expireBody | ConvertTo-Json

                if (-not $PSCmdlet.ShouldProcess($secret, "$($invokeParams.Method) $uri with:`t$($invokeParams.Body)`n")) { return }
                Write-Verbose "Performing the operation $($invokeParams.Method) $uri with:`t$($invokeParams.Body)`n"
                try {
                    $restResponse = . $InvokeApi @invokeParams
                } catch {
                    Write-Warning "Issue expring Secret [$secret]"
                    $err = $_
                    . $ErrorHandling $err
                }

                if ($restResponse -and $restResponse.id -eq $secret) {
                    Write-Host "Secret [$secret] expired"
                }
            }
        } else {
            Write-Warning 'No valid session found'
        }
    }
}