LinkedPassword_Change.ps1
# This is a REST based replacement for the SOAP script at the bottom of
# https://docs.delinea.com/online-help/secret-server/rpc-heartbeat/rpc/rpc-shared-secrets/index.htm
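# Pin outbound HTTPS connections made from this session to TLS 1.2.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Base URL of the Secret Server instance. API paths are appended directly, so it must end with "/".
# Keep this an https:// URL: the API user's password and the bearer token are both sent to it.
$ServerURL = "https://SecretServerBasePath/"

# Positional arguments:
#   0 = API user name
#   1 = API user password
#   2 = new password to set on each listed secret
#   3 = comma-separated list of secret IDs
#   4 = API user domain (omitted or "local" for a local account)
# NOTE(review): both passwords arrive as plain-text arguments, so they can end up in PowerShell
# transcripts or script block logs where those are enabled - confirm the logging policy on the
# host that runs this script.
$APIUser = $args[0]
$APIUserPassword = $args[1]
$SecretPassword = $args[2]
$APIUserDomain = $args[4]

# Normalise the ID list: accept a string, a single number or an array, strip whitespace around
# each entry and drop empty entries, so "12, 13" and a trailing comma do not yield malformed URLs.
$SecretList = @((@($args[3]) -join ",").Split(",") | ForEach-Object { $_.Trim() } | Where-Object { $_ -ne "" })
if ($SecretList.Count -eq 0) {
    # Fail loudly before any credentials are sent if there is nothing to update.
    Write-Error "No secret IDs were supplied in argument 3; nothing to update."
    return
}

#if you need more verbose errors change this to $true and make sure the file path exists
# The debug log records secret IDs and server error text. Put it in a directory that only the
# account running this script can read.
$debug = $false
$errorfile = "c:\temp\secretDependencyUpdateFailures.csv"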
# Build the OAuth2 password-grant request body.
# A local account logs in with the bare user name; a domain account logs in as DOMAIN\user.
$isLocalAccount = ($null -eq $APIUserDomain) -or ($APIUserDomain -eq "local")
$loginName = if ($isLocalAccount) { $APIUser } else { "$APIUserDomain\$APIUser" }
$creds = @{
    username   = $loginName
    password   = $APIUserPassword
    grant_type = "password"
}
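# Authenticate against the Secret Server OAuth2 endpoint and keep the bearer token for later calls.
# NOTE(review): $creds is a hashtable, which Invoke-RestMethod sends form-encoded on a POST, while
# the header below declares application/json - confirm the server accepts that combination.
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Content-Type", "application/json")
try {
    $APIToken = Invoke-RestMethod ($serverurl + 'oauth2/token') -Method 'POST' -Headers $headers -Body $creds | Select-Object -ExpandProperty access_token
    if ($debug) { (Get-Date).ToString(), "Connected to API: ", ($serverurl + 'oauth2/token') -join "`t" | Out-File -FilePath $errorfile -Append }
}
catch {
    Write-Error "Error logging into server $serverurl : $_"
    # Only the URL and the error are logged. The login request body carries the API password and
    # must never reach the debug file; the earlier reference to $body here was unassigned anyway.
    if ($debug) { (Get-Date).ToString(), "Bad login attempt: ", ($serverurl + 'oauth2/token'), $_ -join "`t" | Out-File -FilePath $errorfile -Append }
    return
}
# A missing access_token property raises only a non-terminating error, which the catch above
# does not see. Stop here instead of sending an empty "Bearer " header on every request.
if ([string]::IsNullOrEmpty($APIToken)) {
    Write-Error "Error logging into server $serverurl : the token response contained no access_token"
    return
}
$headers.Add("Authorization", "Bearer " + $APIToken)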
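# Push the new password to every secret in $SecretList, collect the IDs that fail, and report
# them in a single error at the end.
$body = @{ "newPassword" = $SecretPassword }
# The JSON payload is the same for every secret, so serialise it once.
# It contains the new password: never write $body or $jsonBody to the debug log.
$jsonBody = $body | ConvertTo-Json
[array]$errorlist = @()
foreach ($SecretID in $SecretList) {
    # The ID is concatenated into the request path, so accept plain decimal IDs only. Anything
    # else (stray text, slashes, "..") is reported as a failure instead of being sent.
    $id = "$SecretID".Trim()
    if ($id -notmatch '^[0-9]+$') {
        $errorlist += $SecretID
        if ($debug) { (Get-Date).ToString(), "SecretID: $secretid", "Skipped: not a numeric secret ID" -join "`t" | Out-File -FilePath $errorfile -Append }
        continue
    }
    try {
        Invoke-RestMethod ($ServerURL + 'api/v1/secrets/' + $id + '/change-password') -Method 'POST' -Headers $headers -Body $jsonBody | Out-Null
        if ($debug) { (Get-Date).ToString(), "SecretID: $secretid", "Updated Without Error" -join "`t" | Out-File -FilePath $errorfile -Append }
    }
    catch {
        # Keep going so one bad secret does not block the rest; the ID is reported below.
        $errorlist += $secretid
        if ($debug) { (Get-Date).ToString(), "SecretID: $secretid", ($_.ErrorDetails) -join "`t" | Out-File -FilePath $errorfile -Append }
    }
}
if ($errorlist.count -gt 0) { Write-Error ("error setting password on secret id(s): " + $errorlist) }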