{"id":920,"date":"2019-10-03T08:55:28","date_gmt":"2019-10-03T07:55:28","guid":{"rendered":"http:\/\/www.vatland.no\/?p=920"},"modified":"2019-10-03T08:55:40","modified_gmt":"2019-10-03T07:55:40","slug":"get-secretserver-secret","status":"publish","type":"post","link":"https:\/\/www.vatland.no\/index.php\/get-secretserver-secret\/","title":{"rendered":"Get Secretserver secret"},"content":{"rendered":"\n

Since we are using SecretServer as our credential store it is of great help to be able to get credentials directly from powershell. This is a small function that connects to secretserver webservices and retrieve a secret based on secred ID. The function will connect to the webservice as the signedin user or by a supplied credential or lastly by a predefined stored credential. To use stored credential I’am using functions from https:\/\/github.com\/cunninghamp\/PowerShell-Stored-Credential<\/a>s . <\/p>\n\n\n\n

Usually you would use the PS credential object directly. To get the password as text you could use it from the PSobject referring to the get networkcredential(). <\/p>\n\n\n\n

\n\n
$cred=get-secretid -secretID 2007
\n$password_As_text=$cred.GetNetworkCredential().Password<\/div><\/div>\n\n<\/pre>\n\n\n\n
Or if you need the password in clear text, displayed on screen, you could specify that as a an argument.<\/p>\n\n\n\n
The function is made for my usage, so there is definitive roomfor  improvement .<\/p>\n\n\n\n
\n\n
function Get-SecretID
\n{
\nparam(
\n[parameter(ValueFromPipeline=$True)]
\n[int] $secretID,
\n[pscredential]$sscred,
\n[switch]$Cleartext
\n)
\n
\n$where = 'https:\/\/secretserverdnsname\/secretserver\/winauthwebservices\/sswinauthwebservice.asmx'
\n
\nif($sscred -ne $null){
\n    $ws = New-WebServiceProxy -uri $where -Credential $sscred 
\n}else{
\n
\n  try{
\n    $ws = New-WebServiceProxy -uri $where -UseDefaultCredential -ErrorAction SilentlyContinue
\n    if($ws -eq $null){
\n      if (!(Test-Path Variable:\\ssuser)){
\n        throw {
\n          Write-Host "No secretserver user specified or variable 'ssuser' defined.`nThis is to be used by 'get-storedcredential'"
\n        }
\n      }
\n        $credacc=Get-StoredCredential -UserName $ssuser
\n        $ws = New-WebServiceProxy -uri $where -Credential $credacc -ErrorAction SilentlyContinue
\n        if($ws -eq $null){throw{Write-host "Unable to connect to SecretServer"}}
\n    }
\n  }
\n  catch{
\n
\n  }
\n}
\n
\n$wsResult = $ws.GetSecret($secretId, $false, $null)
\nif($wsresult.errors -ne $null){
\n  $Cred=New-Object PSObject 
\n  $Cred | add-member -NotePropertyName "Username" -NotePropertyValue $wsresult.errors
\n  $Cred | Add-Member -NotePropertyName "Password" -NotePropertyValue $wsresult.errors
\n  
\n  return $Cred
\n} else {
\n  
\n$u=$wsResult.Secret.Items[1].value.ToString()
\n$ep = ConvertTo-SecureString $wsResult.Secret.Items[2].value.ToString() -AsPlainText -Force
\n[pscredential]$Cred = New-Object -TypeName "System.Management.Automation.PSCredential" -ArgumentList $u,$ep
\nif($Cleartext){
\n  [psobject]$Cred=New-Object PSObject 
\n    $Cred | add-member -NotePropertyName "Username" -NotePropertyValue $u
\n    $Cred | Add-Member -NotePropertyName "Password" -NotePropertyValue $wsResult.Secret.Items[2].value.ToString()
\n    $Cred | Add-Member -NotePropertyName "Domain" -NotePropertyValue $wsResult.Secret.Items[0].value.ToString()
\n  }
\nreturn $Cred
\n}
\n}<\/div><\/div>\n\n<\/pre>\n","protected":false},"excerpt":{"rendered":"
Since we are using SecretServer as our credential store it is of great help to be able to get credentials directly from powershell. This is a small function that connects to secretserver webservices and retrieve a secret based on secred ID. The function will connect to the webservice as the signedin user or by a … Continue reading Get Secretserver secret<\/span> →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[2,48,10],"tags":[59,70],"class_list":["post-920","post","type-post","status-publish","format-standard","hentry","category-development","category-powershell","category-windows","tag-powershell","tag-script"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_likes_enabled":false,"jetpack-related-posts":[{"id":950,"url":"https:\/\/www.vatland.no\/index.php\/secretservertycotic-plugin-for-powershell-secretsmanagement-module\/","url_meta":{"origin":920,"position":0},"title":"SecretServer(Thycotic) plugin for powershell SecretsManagement module.","author":"Atle","date":"February 18, 2020","format":false,"excerpt":"With the new powershell module SecretsManagement it is possible to add plugins. The new module is used to get\/add\/remove credentials. I created a plugin for secretserver to this module. To get started you will have to install secretsmanagement: Install-Module -Name Microsoft.Powershell.SecretsManagement -AllowPrerelease If -AllowPrerelase is not an option you would\u2026","rel":"","context":"In "Powershell"","block_context":{"text":"Powershell","link":"https:\/\/www.vatland.no\/index.php\/category\/powershell\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":914,"url":"https:\/\/www.vatland.no\/index.php\/csp-access-to-tenants-using-powershell-part-4\/","url_meta":{"origin":920,"position":1},"title":"CSP access to tenants using powershell. Part 4","author":"Atle","date":"September 24, 2019","format":false,"excerpt":"This is a small script that connects to partnercenter list all customers tenants and let you select one. When one is selected it connects to azuread and az for that customer. All my credentials are stored in SecretServer . I use a web service request to get those credentials. I\u2026","rel":"","context":"In "Azure"","block_context":{"text":"Azure","link":"https:\/\/www.vatland.no\/index.php\/category\/azure\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":934,"url":"https:\/\/www.vatland.no\/index.php\/simple-powershell-mru-list\/","url_meta":{"origin":920,"position":2},"title":"Simple Powershell MRU list","author":"Atle","date":"December 23, 2019","format":false,"excerpt":"When using using my secret server powershell functions I got tired of constantly searching for secret ID's. I had to do a new search just because I could not remember the ID's. So I added some kind of MRU to my get-secretID function. This code block creates to classes mruitem\u2026","rel":"","context":"In "Powershell"","block_context":{"text":"Powershell","link":"https:\/\/www.vatland.no\/index.php\/category\/powershell\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":875,"url":"https:\/\/www.vatland.no\/index.php\/csp-access-to-tenants-using-powershell-part-1\/","url_meta":{"origin":920,"position":3},"title":"CSP access to tenants using powershell. Part 1","author":"Atle","date":"September 18, 2019","format":false,"excerpt":"A short explanation of how to access customer tenant using a CSP tenant SPN credential connectiong to AzureAD and AZ. Have been struggling for a while to manage all our customers tenants using powershell scripts. It can be complicated to organize all the credentials, tenant domain, tenant id's password expiry.\u2026","rel":"","context":"In "Azure"","block_context":{"text":"Azure","link":"https:\/\/www.vatland.no\/index.php\/category\/azure\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":975,"url":"https:\/\/www.vatland.no\/index.php\/log-tenants-from-office-365-to-local-db\/","url_meta":{"origin":920,"position":4},"title":"Log tenants from office 365 to local Db","author":"Atle","date":"January 3, 2021","format":false,"excerpt":"Hi, I like to keep control of how many licenses our cutomers use versus how many\u00a0 have been purchased. Here is 1st part\u00a0 my PS script to copy the info from csp to the DB. I will start creating a database and table to keep a list of all the\u2026","rel":"","context":"In "Azure"","block_context":{"text":"Azure","link":"https:\/\/www.vatland.no\/index.php\/category\/azure\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":899,"url":"https:\/\/www.vatland.no\/index.php\/csp-access-to-tenants-using-powershell-part-2\/","url_meta":{"origin":920,"position":5},"title":"CSP access to tenants using powershell. Part 2","author":"Atle","date":"September 20, 2019","format":false,"excerpt":"In part 1 we created the Azure Enterprise App for Partnercenter and used this information to connect using powershell and connect-partnercenter. Now we will use this to connect to one of our customers tenants. First we will use AZ module and connect-azaccount. We will use the AZ module and the\u2026","rel":"","context":"In "Azure"","block_context":{"text":"Azure","link":"https:\/\/www.vatland.no\/index.php\/category\/azure\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/www.vatland.no\/index.php\/wp-json\/wp\/v2\/posts\/920","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.vatland.no\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.vatland.no\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.vatland.no\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.vatland.no\/index.php\/wp-json\/wp\/v2\/comments?post=920"}],"version-history":[{"count":2,"href":"https:\/\/www.vatland.no\/index.php\/wp-json\/wp\/v2\/posts\/920\/revisions"}],"predecessor-version":[{"id":922,"href":"https:\/\/www.vatland.no\/index.php\/wp-json\/wp\/v2\/posts\/920\/revisions\/922"}],"wp:attachment":[{"href":"https:\/\/www.vatland.no\/index.php\/wp-json\/wp\/v2\/media?parent=920"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.vatland.no\/index.php\/wp-json\/wp\/v2\/categories?post=920"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.vatland.no\/index.php\/wp-json\/wp\/v2\/tags?post=920"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}