public/Invoke-VPASCredentialProvider.ps1
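<#
.SYNOPSIS
   CREDENTIAL PROVIDER API CALL
   CREATED BY: Vadim Melamed, EMAIL: vmelamed5@gmail.com
.DESCRIPTION
   USE THIS FUNCTION TO RETRIEVE ACCOUNT INFORMATION VIA CREDENTIAL PROVIDER
.PARAMETER ApplicationID
   The application ID that has access to the safe that will retrieve the account information
.PARAMETER Safe
   Safe that the target account is located in
.PARAMETER ObjectName
   Unique identifier of the target account
.PARAMETER Folder
   A directory within a safe that the target account is located in
   Default value: root
.PARAMETER Reason
   Purpose for pulling the account, for auditing and master policy restriction
.PARAMETER SDKLocation
   Location or filepath to the CLIPasswordSDK that will be utilized to make the call
   Default value: 'C:\Program Files (x86)\CyberArk\ApplicationPasswordSdk\CLIPasswordSDK.exe'
.EXAMPLE
   $CPResults = Invoke-VPASCredentialProvider -ApplicationID {APPLICATION ID VALUE} -Safe {SAFE VALUE} -ObjectName {OBJECT NAME VALUE} -Folder {FOLDER VALUE} -SDKLocation {SDKLOCATION VALUE}
.OUTPUTS
   If successful:
   {
       "Content":  "SuperSecretPassword",
       "ObjectName":  "Operating System-WinDomain-vman.com-testdomainuser02",
       "PolicyID":  "WinDomain",
       "Username":  "testdomainuser02",
       "Address":  "vman.com",
       "Safe":  "NewSafeVpas"
   }
   ---
   $false if failed
.NOTES
   The returned hashtable carries the retrieved secret in clear text under the
   Content key. The verbose stream shows the SDK command line (application ID,
   reason, safe, folder, object name) but never the SDK output.
#>
function Invoke-VPASCredentialProvider{
    [OutputType('System.Collections.Hashtable',[bool])]
    [CmdletBinding()]
    Param(

        [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,HelpMessage="ApplicationID that has access to the safe that will retrieve the account information",Position=0)]
        [String]$ApplicationID,

        [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,HelpMessage="Safe that the target account is located in",Position=1)]
        [String]$Safe,

        [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,HelpMessage="Unique identifier of the target account",Position=2)]
        [String]$ObjectName,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,HelpMessage="A directory within a safe that the target account is located in (Default value: root)",Position=3)]
        [String]$Folder,

        # Optional: a mandatory [String] rejects empty input, which made the
        # documented default path below unreachable.
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,HelpMessage="Location or filepath to the CLIPasswordSDK that will be utilized to make the call (Default value: 'C:\Program Files (x86)\CyberArk\ApplicationPasswordSdk\CLIPasswordSDK.exe')",Position=4)]
        [String]$SDKLocation,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,HelpMessage="Purpose for pulling the account, for auditing and master policy restriction",Position=5)]
        [String]$Reason
    )

    Begin{

    }
    Process{
        try{
            if([String]::IsNullOrEmpty($Folder)){
                Write-Verbose "NO FOLDER PASSED, USING DEFAULT VALUE: root"
                $Folder = "root"
            }
            if([String]::IsNullOrEmpty($SDKLocation)){
                Write-Verbose "NO SDKLocation PASSED, USING DEFAULT VALUE: 'C:\Program Files (x86)\CyberArk\ApplicationPasswordSdk\CLIPasswordSDK.exe'"
                $SDKLocation = "C:\Program Files (x86)\CyberArk\ApplicationPasswordSdk\CLIPasswordSDK.exe"
            }

            # The three values are concatenated into one ';'-separated query
            # string, so a ';' inside any of them would change which criteria
            # the provider evaluates. Refuse such input instead of passing it on.
            foreach($QueryValue in @($Safe,$Folder,$ObjectName)){
                if($QueryValue.Contains(";")){
                    Write-Verbose "UNABLE TO RETRIEVE ACCOUNT DETAILS"
                    Write-Host "Safe, Folder and ObjectName must not contain ';'" -ForegroundColor Red
                    return $false
                }
            }

            Write-Verbose "BUILDING SDK COMMAND"
            Write-Verbose "$SDKLocation GetPassword /p AppDescs.AppID=$ApplicationID /p Reason=`"$Reason`" /p Query=`"Safe=$Safe;Folder=$Folder;Object=$ObjectName`" /o Password,passprops.UserName,passprops.Address,passprops.Safe,passprops.Object,passprops.PolicyID"

            # A native command that exits non-zero does not throw, so the catch
            # block alone never sees an SDK-side failure. Reset the exit code
            # first so a stale value from an earlier command cannot be misread.
            # NOTE(review): assumes CLIPasswordSDK reports failure through a
            # non-zero exit code - confirm against the SDK documentation.
            $global:LASTEXITCODE = 0
            $AllDetails = & $SDKLocation GetPassword /p AppDescs.AppID=$ApplicationID /p Reason="$Reason" /p Query="Safe=$Safe;Folder=$Folder;Object=$ObjectName" /o Password,passprops.UserName,passprops.Address,passprops.Safe,passprops.Object,passprops.PolicyID
            if($global:LASTEXITCODE -ne 0){
                Write-Verbose "UNABLE TO RETRIEVE ACCOUNT DETAILS"
                Write-Host "CLIPasswordSDK exited with code $($global:LASTEXITCODE)" -ForegroundColor Red
                return $false
            }

            Write-Verbose "PARSING DATA"
            # Output order follows the /o list: Password first, then five
            # properties. The password may itself contain ',', so anchor the
            # five properties at the right and rejoin whatever precedes them.
            # Presumably the property values themselves contain no ',' - verify.
            # The raw output is deliberately never logged: it holds the secret.
            $PropertyCount = 5
            $Fields = @($AllDetails -split ",")
            if($Fields.Count -lt ($PropertyCount + 1)){
                Write-Verbose "UNABLE TO RETRIEVE ACCOUNT DETAILS"
                Write-Host "Unexpected CLIPasswordSDK output: $($Fields.Count) field(s), expected at least $($PropertyCount + 1)" -ForegroundColor Red
                return $false
            }
            $FirstProperty = $Fields.Count - $PropertyCount
            $Secret = $Fields[0..($FirstProperty - 1)] -join ","

            $outputobj = @{
                Content = $Secret
                Username = $Fields[$FirstProperty]
                Address = $Fields[$FirstProperty + 1]
                Safe = $Fields[$FirstProperty + 2]
                ObjectName = $Fields[$FirstProperty + 3]
                PolicyID = $Fields[$FirstProperty + 4]
            }
            Write-Verbose "RETURNING DATA"
            return $outputobj
        }catch{
            Write-Verbose "UNABLE TO RETRIEVE ACCOUNT DETAILS"
            Write-Host $_ -ForegroundColor Red
            return $false
        }
    }
    End{

    }
}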