public/Get-VPASAccountPrivateSSHKey.ps1

<#
.Synopsis
   GET PRIVATE SSH KEY VALUE
   CREATED BY: Vadim Melamed, EMAIL: vmelamed5@gmail.com
.DESCRIPTION
   USE THIS FUNCTION TO GET PRIVATE SSH KEY VALUE OF AN ACCOUNT IN CYBERARK
.PARAMETER token
   HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc).
   If -token is not passed, function will use last known hashtable generated by New-VPASToken
.PARAMETER safe
   Safe name that will be used to query for the target account if no AcctID is passed
.PARAMETER username
   Username that will be used to query for the target account if no AcctID is passed
.PARAMETER platform
   PlatformID that will be used to query for the target account if no AcctID is passed
.PARAMETER address
   Address that will be used to query for the target account if no AcctID is passed
.PARAMETER AcctID
   Unique ID that maps to a single account, passing this variable will skip any query functions
.PARAMETER Reason
   Define a reason for connecting for audit purposes
.PARAMETER SaveToFile
   The key will be saved to a PEM file
.PARAMETER HideOutput
   Suppress any output to the console
.EXAMPLE
   $SSHKey = Get-VPASAccountPrivateSSHKey -reason {REASON VALUE} -safe {SAFE VALUE} -address {ADDRESS VALUE}
.OUTPUTS
   SSH key of target account if successful
   $false if failed
#>

function Get-VPASAccountPrivateSSHKey{
    [OutputType([String],[bool])]
    [CmdletBinding()]
    Param(

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=0)]
        [String]$safe,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=1)]
        [String]$platform,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=2)]
        [String]$username,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=3)]
        [String]$address,

        [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,HelpMessage="Enter reason for pulling credentials (for example: 'CSTASK1234 - patching')",Position=4)]
        [String]$reason,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=5)]
        [String]$AcctID,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=6)]
        [Switch]$SaveToFile,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=7)]
        [Switch]$HideOutput,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=8)]
        [hashtable]$token
    )

    Begin{
        $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion = Get-VPASSession -token $token
        $CommandName = $MyInvocation.MyCommand.Name
        $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND
    }
    Process{
        write-verbose "SUCCESSFULLY PARSED PVWA VALUE"
        write-verbose "SUCCESSFULLY PARSED TOKEN VALUE"
        write-verbose "SUCCESSFULLY PARSED REASON VALUE"


        if([String]::IsNullOrEmpty($AcctID)){

            Write-Verbose "NO ACCOUNT ID PROVIDED, INVOKING HELPER FUNCTION"

            $AcctID = Get-VPASAccountIDHelper -token $token -safe $safe -platform $platform -username $username -address $address

            write-verbose "ACCOUNT ID WAS RETURNED"
            if($AcctID -eq -1){
                $log = Write-VPASTextRecorder -inputval "COULD NOT FIND UNIQUE ACCOUNT ENTRY, INCLUDE MORE SEARCH PARAMETERS" -token $token -LogType MISC
                $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC
                Write-Verbose "COULD NOT FIND UNIQUE ACCOUNT ENTRY WITH SPECIFIED PARAMETERS"
                Write-VPASOutput -str "COULD NOT FIND UNIQUE ACCOUNT ENTRY, INCLUDE MORE SEARCH PARAMETERS" -type E
                return $false
            }
            elseif($AcctID -eq -2){
                $log = Write-VPASTextRecorder -inputval "COULD NOT FIND ACCOUNT WITH SPECIFIED PARAMETERS" -token $token -LogType MISC
                $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC
                Write-Verbose "COULD NOT FIND ACCOUNT WITH SPECIFIED PARAMETERS"
                Write-VPASOutput -str "NO ACCOUNTS FOUND" -type E
                return $false
            }
            else{
                try{
                    Write-Verbose "MAKING API CALL TO CYBERARK"
                    $params = @{
                        reason=$reason;
                    }
                    $log = Write-VPASTextRecorder -inputval $params -token $token -LogType PARAMS
                    $params = $params | ConvertTo-Json

                    if($NoSSL){
                        Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS"
                        $uri = "http://$PVWA/PasswordVault/api/Accounts/$AcctID/Secret/Retrieve"
                    }
                    else{
                        Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS"
                        $uri = "https://$PVWA/PasswordVault/api/Accounts/$AcctID/Secret/Retrieve"
                    }
                    $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI
                    $log = Write-VPASTextRecorder -inputval "POST" -token $token -LogType METHOD

                    if($sessionval){
                        $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Body $params -Method POST -ContentType "application/json" -WebSession $sessionval
                    }
                    else{
                        $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Body $params -Method POST -ContentType "application/json"
                    }
                    Write-Verbose "PARSING DATA FROM CYBERARK"
                    Write-Verbose "RETURNING ACCOUNT DETAILS"

                    if($SaveToFile){
                        if([String]::IsNullOrEmpty($response)){
                            Write-Verbose "SSH KEY IS BLANK, NOTHING TO SAVE TO FILE"
                            if(!$HideOutput){
                                Write-VPASOutput -str "SSH KEY IS BLANK, NOTHING TO SAVE TO FILE" -type M
                            }
                            $log = Write-VPASTextRecorder -inputval "SSH KEY RETURNED: ***" -token $token -LogType MISC
                            return $response
                        }
                        else{
                            Write-Verbose "SSH KEY SAVED TO FILE"
                            $curUser = $env:USERNAME
                            $saveDir = "C:\Users\$curUser\Downloads\$AcctID-PrivateSSHKey.pem"
                            write-output $response | Set-Content $saveDir
                            if(!$HideOutput){
                                Write-VPASOutput -str "SSH KEY SAVED TO FILE: $saveDir" -type C
                            }
                            $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: TRUE" -token $token -LogType MISC
                            return $true
                        }
                    }
                    else{
                        $log = Write-VPASTextRecorder -inputval "SSH KEY RETURNED: ***" -token $token -LogType MISC
                        return $response
                    }
                }catch{
                    $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR
                    $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC
                    Write-Verbose "COULD NOT RETRIEVE SSH KEY DETAILS"
                    Write-VPASOutput -str $_ -type E
                    return $false
                }
            }
        }
        else{
            Write-Verbose "ACCOUNT ID PROVIDED, SKIPPING HELPER FUNCTION"
                try{
                    Write-Verbose "MAKING API CALL TO CYBERARK"
                    $params = @{
                        reason=$reason;
                    }
                    $log = Write-VPASTextRecorder -inputval $params -token $token -LogType PARAMS
                    $params = $params | ConvertTo-Json

                    if($NoSSL){
                        Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS"
                        $uri = "http://$PVWA/PasswordVault/api/Accounts/$AcctID/Secret/Retrieve"
                    }
                    else{
                        Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS"
                        $uri = "https://$PVWA/PasswordVault/api/Accounts/$AcctID/Secret/Retrieve"
                    }
                    $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI
                    $log = Write-VPASTextRecorder -inputval "POST" -token $token -LogType METHOD

                    if($sessionval){
                        $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Body $params -Method POST -ContentType "application/json" -WebSession $sessionval
                    }
                    else{
                        $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Body $params -Method POST -ContentType "application/json"
                    }
                    Write-Verbose "PARSING DATA FROM CYBERARK"
                    Write-Verbose "RETURNING ACCOUNT DETAILS"

                    if($SaveToFile){
                        if([String]::IsNullOrEmpty($response)){
                            Write-Verbose "SSH KEY IS BLANK, NOTHING TO SAVE TO FILE"
                            if(!$HideOutput){
                                Write-VPASOutput -str "SSH KEY IS BLANK, NOTHING TO SAVE TO FILE" -type M
                            }
                            $log = Write-VPASTextRecorder -inputval "SSH KEY RETURNED: ***" -token $token -LogType MISC
                            return $response
                        }
                        else{
                            Write-Verbose "SSH KEY SAVED TO FILE"
                            $curUser = $env:USERNAME
                            $saveDir = "C:\Users\$curUser\Downloads\$AcctID-PrivateSSHKey.pem"
                            write-output $response | Set-Content $saveDir
                            if(!$HideOutput){
                                Write-VPASOutput -str "SSH KEY SAVED TO FILE: $saveDir" -type C
                            }
                            $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: TRUE" -token $token -LogType MISC
                            return $true
                        }
                    }
                    else{
                        $log = Write-VPASTextRecorder -inputval "SSH KEY RETURNED: ***" -token $token -LogType MISC
                        return $response
                    }
                }catch{
                    $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR
                    $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC
                    Write-Verbose "COULD NOT RETRIEVE SSH KEY DETAILS"
                    Write-VPASOutput -str $_ -type E
                    return $false
                }
        }
    }
    End{
        $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER
    }
}