REST API PowerShell Scripts

To use the REST API you first must enable Webservices. To do so, go to Admin > Configuration general tab. Enabling Webservices simply makes the ASP.NET REST Webservices built into Verify Privilege Vault available.
For a full reference of the REST endpoints and parameters, see the REST API Reference Download.
When using the API to search secrets, the account used must have at least "view" permissions on the full folder path to find the secret.
Verify Privilege Vault Cloud exclusively supports TLS 1.2. This version includes fixes for known vulnerabilities in older TLS versions and will eventually be required for PCI compliance. The following will need to be added to the top of your scripts because PowerShell defaults to TLS 1.0: [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Verify Privilege Vault Cloud API users: If IBM Security One is enabled, and an API user logging on has an email address set in Verify Privilege Vault, the user must use the IBM Security One password, instead of the local Verify Privilege Vault password. Using a local account password will fail. Use one of these workarounds:
  • Disable IBM Security One, if not needed
  • Use the IBM Security One password instead
  • Use a user account that does not have an email address in Verify Privilege Vault
Please see Script Authentication Using Tokens for instructions on acquiring a token for the scripts below.

Authentication

See Script Authentication Using Tokens for creating a token to use in the script examples below.

Searching Secrets

Copy 
try
{
    $api = "<Secret Server URL>/api/v1"
    $token = "<TOKEN>"

    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization", "Bearer $token")

    $filters = "?filter.includeRestricted=true&filter.searchtext=< mySearchText >"

    Write-Host "------------------------------"
    Write-Host "----- Secret Search Values -----"
    Write-Host "------------------------------"

    #?filter.searchfield=username&filter.searchfield=displayname&filter.searchfield=filter.searchText=mister&filter.includeinactive=true" -Headers $headers

    $result = Invoke-RestMethod "$api/secrets$filters" -Headers $headers

    Write-Host $result.filter.searchField
    Write-Host $result.total

    foreach($secret1 in $result.records)
    {
       Write-Host $secret1.id" - "$secret1.name" - "$secret1.folderId - $secret1.lastHeartBeatStatus
    }

    Write-Host "------------------------------"
    Write-Host "----- Secret Lookup Values -----"
    Write-Host "------------------------------"

    #?filter.searchfield=username&filter.searchfield=displayname&filter.searchfield=filter.searchText=mister&filter.includeinactive=true" -Headers $headers

    $result = Invoke-RestMethod "$api/secrets/lookup$filters" -Headers $headers

    Write-Host $result.filter.searchField
    Write-Host $result.total

    foreach($secret in $result.records)
    {
       Write-Host $secret.id" - "$secret.value
    }
    Write-Host "------------------------------"
}
catch [System.Net.WebException]
{
    Write-Host "----- Exception -----"
    Write-Host  $_.Exception
    Write-Host  $_.Exception.Response.StatusCode
    Write-Host  $_.Exception.Response.StatusDescription
    $result = $_.Exception.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($result)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    $responseBody = $reader.ReadToEnd() | ConvertFrom-Json
    Write-Host  $responseBody.errorCode " - " $responseBody.message
    foreach($modelState in $responseBody.modelState)
    {
        $modelState
    }
}

Creating a Secret

Copy 
try
{
    $api = "<Secret Server URL>/api/v1"
    $token = "<TOKEN>"

    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization", "Bearer $token")

    #stub
    $templateId = <Your Secret Template ID>
    $secret = Invoke-RestMethod $api"/secrets/stub?filter.secrettemplateid=$templateId" -Headers $headers

    #modify
    $secret.name = <Your Secret Name>
    $secret.secretTemplateId = $templateId
    $secret.AutoChangeEnabled = $false
    $secret.autoChangeNextPassword = <Next Password Value>
    $secret.SiteId = <Your Site ID>
    $secret.folderId = <Your Folder ID>

    foreach($item in $secret.items)
    {
      if($item.fieldName -eq "Domain")
      {
        $item.itemValue = <Your Domain>
      }
      if($item.fieldName -eq "Username")
      {
        $item.itemValue = <Username>
      }
      if($item.fieldName -eq "Password")
      {
        $item.itemValue = <Password>
      }
    }

    $secretArgs = $secret | ConvertTo-Json

    #create
    Write-Host ""
    Write-Host "-----Create secret -----"

    $secret = Invoke-RestMethod $api"/secrets/" -Method Post -Body $secretArgs -Headers $headers -ContentType "application/json"

    $secret1 = $secret | ConvertTo-Json
    Write-Host $secret1
    Write-Host $secret.id
}
catch [System.Net.WebException]
{
    Write-Host "----- Exception -----"
    Write-Host  $_.Exception
    Write-Host  $_.Exception.Response.StatusCode
    Write-Host  $_.Exception.Response.StatusDescription
    $result = $_.Exception.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($result)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    $responseBody = $reader.ReadToEnd()

    Write-Host $responseBody
}

Editing a Secret

Copy 
try
{
    $api = "<Secret Server URL>/api/v1"
    $token = "<TOKEN>"

    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization", "Bearer $token")

    #get
    $secretId = <Secret ID>
    $secret = Invoke-RestMethod $api"/secrets/$secretId/" -Headers $headers

    #modify
    $secret.RequiresComment = $true #Example only. Available fields to edit can be found at https://<Your URL>/RestApiDocs.ashx?doc=token-help#tag/Secrets/operation/SecretsService_UpdateSecret

    $secretArgs = $secret | ConvertTo-Json

    #update
    Write-Host ""
    Write-Host "-----Update secret -----"

    $secret = Invoke-RestMethod $api"/secrets/$secretId" -Method Put -Body $secretArgs -Headers $headers -ContentType "application/json"

    $secretUpdate = $secret | ConvertTo-Json
    Write-Host $secretUpdate
}
catch [System.Net.WebException]
{
    Write-Host "----- Exception -----"
    Write-Host  $_.Exception
    Write-Host  $_.Exception.Response.StatusCode
    Write-Host  $_.Exception.Response.StatusDescription
    $result = $_.Exception.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($result)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    $responseBody = $reader.ReadToEnd()

    Write-Host $responseBody
}

Checking in a Secret

Copy 
try
{
    $api = "<Secret Server URL>/api/v1"
    $token = "<TOKEN>"

    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization", "Bearer $token")

    $secretId = <Your Secret ID>

    $secret = Invoke-RestMethod $api"/secrets/$secretId/check-in" -Method Post -Body $secretArgs -Headers $headers -ContentType "application/json"
}
catch [System.Net.WebException]
{
    Write-Host "----- Exception -----"
    Write-Host  $_.Exception
    Write-Host  $_.Exception.Response.StatusCode
    Write-Host  $_.Exception.Response.StatusDescription
    $result = $_.Exception.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($result)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    $responseBody = $reader.ReadToEnd()

    Write-Host $responseBody
}

Deleting a Secret

Copy 
try
{
    $api = "<URL>/api/v1"
    $token = "<TOKEN>"

    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization", "Bearer $token")

    $secretId = <Your Secret ID>

    Write-Host "----- Delete a Secret -----"

    $deletemodel = Invoke-RestMethod "$api/secrets/$secretId" -Headers $headers -Method DELETE -ContentType "application/json"
    Write-Host $deletemodel
}
catch [System.Net.WebException]
{
    Write-Host "----- Exception -----"
    Write-Host  $_.Exception
    Write-Host  $_.Exception.Response.StatusCode
    Write-Host  $_.Exception.Response.StatusDescription
    $result = $_.Exception.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($result)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    $responseBody = $reader.ReadToEnd() | ConvertFrom-Json
    Write-Host  $responseBody.errorCode " - " $responseBody.message
    foreach($modelState in $responseBody.modelState)
    {
        $modelState
    }
}

Creating a User

Copy 
try
{
    $api = "<Secret Server URL>/api/v1"
    $token = "<TOKEN>"

    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization", "Bearer $token")

    # create user
    Write-Host ""
    Write-Host "----- Create a User -----"

    $userCreateArgs = @{ #More fields available at https://<Your URL>/RestApiDocs.ashx?doc=token-help#tag/Users/operation/UsersService_CreateUser
        userName = <Username>
        password = <Password>
        DisplayName = <Display Name>
        enabled = $true #Not required. Default is false.
    } | ConvertTo-Json

    $user = Invoke-RestMethod "$api/users" -Headers $headers -Method Post -ContentType "application/json" -Body $userCreateArgs
    Write-Host "New User ID : " $user.id
}
catch
{
    Write-Debug "----- Exception -----"
    Write-Host  $_.Exception.Response.StatusCode
    Write-Host  $_.Exception.Response.StatusDescription
    $result = $_.Exception.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($result)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    $responseBody = $reader.ReadToEnd() | ConvertFrom-Json
    Write-Host  $responseBody.errorCode " - " $responseBody.message
    foreach($modelState in $responseBody.modelState)
    {
        $modelState
    }
}

Update Secret Field

This script requires Verify Privilege Vault 10.1 or later.
try
{
    $api = "<Secret Server URL>/api/v1"
    $token = "<TOKEN>"
    
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization", "Bearer $token")

    #Secret ID and Field to update
    $secretId = <Your Secret ID>
    $fieldToUpdate = <Field to Update>
    
    $endpoint = "$api/secrets/$secretId/fields/$fieldToUpdate"

    $body = @{
        value = <New Value>
    }| ConvertTo-Json

    echo $endpoint
    echo ----------------------------------------------------------------------------------------------------

    echo ----------------------------------------------------------------------------------------------------
    echo "Updating Field $fieldToUpdate"

    $response = Invoke-RestMethod -Method Put -Uri $endpoint -Headers $headers -ContentType "application/json" -Body $body
    echo $response;
}
catch
{
    Write-Debug "----- Exception -----"
    Write-Host  $_.Exception.Response.StatusCode
    Write-Host  $_.Exception.Response.StatusDescription
    $result = $_.Exception.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($result)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    $responseBody = $reader.ReadToEnd() | ConvertFrom-Json
    Write-Host  $responseBody.errorCode " - " $responseBody.message
    foreach($modelState in $responseBody.modelState)
    {
        $modelState
    }
}

Get Secret Field Value

This script requires Secret Server 10.1 or later.

try
{
    $api = "<Secret Server URL>/api/v1"
    $token = "<TOKEN>"
    
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization", "Bearer $token")

    #Secret ID and Field to test against
    $secretId = <Your Secret ID>
    $field = <Field name>

    $endpoint ="$api/secrets/$secretId/fields/$field"

    $response = $null
    $response = Invoke-RestMethod -Method Get -Uri $endpoint -Headers $headers
    echo $response;
}
catch [System.Net.WebException]
{
    Write-Host "----- Exception -----"
    Write-Host  $_.Exception
    Write-Host  $_.Exception.Response.StatusCode
    Write-Host  $_.Exception.Response.StatusDescription
    $result = $_.Exception.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($result)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    $responseBody = $reader.ReadToEnd()
    Write-Host  $responseBody.errorCode " - " $responseBody.message
    foreach($modelState in $responseBody.modelState)
    {
        $modelState
    }
}

Upload File to Secret

This script requires Verify Privilege Vault 10.1 or later.

try
{
    $api = "<Secret Server URL>/api/v1"
    $token = "<TOKEN>"
    
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization", "Bearer $token")

    #Secret ID and File to upload
    $fileSecretId = <Your Secret ID>
    $fileFieldToUpdate = <Field Name to Store File>

    echo ----------------------------------------------------------------------------------------------------
    echo "Uploading file from $fileFieldToUpdate"

    $endpoint ="$api/secrets/$fileSecretId/fields/$fileFieldToUpdate"
    echo $endpoint

    $secretArgs = @{
        fileName = <File Name>
        fileAttachment = [IO.File]::ReadAllBytes(<File Path>)
    } | ConvertTo-Json

    $response = $null
    $response = Invoke-RestMethod -Method Put -Uri $endpoint -Headers $headers -Body $secretArgs -ContentType "application/json"

    echo $response
}
catch [System.Net.WebException]
{
    Write-Host "----- Exception -----"
    Write-Host  $_.Exception
    Write-Host  $_.Exception.Response.StatusCode
    Write-Host  $_.Exception.Response.StatusDescription
    $result = $_.Exception.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($result)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    $responseBody = $reader.ReadToEnd()
    Write-Host  $responseBody.errorCode " - " $responseBody.message
    foreach($modelState in $responseBody.modelState)
    {
        $modelState
    }
}

Download File From Secret

This script requires Verify Privilege Vault 10.1 or later.

try
{
    $api = "<Secret Server URL>/api/v1"
    $token = "<TOKEN>"
    
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization", "Bearer $token")

    #Secret ID and File to download
    $fileSecretId = <Your Secret ID>
    $fileFieldToUpdate = <Field Name Storing File>
    $downloadPath = <Your Download path, including file name being downloaded>

    echo "Downloading file from $fileFieldToUpdate"
    $endpoint ="$api/secrets/$fileSecretId/fields/$fileFieldToUpdate"
    echo $endpoint

    $response = $null
    $response = Invoke-RestMethod -Method Get -Uri $endpoint -Headers $headers -OutFile $downloadPath

    Write-Host $response.Length
    Write-Host $response
}
catch [System.Net.WebException]
{
    Write-Host "----- Exception -----"
    Write-Host  $_.Exception
    Write-Host  $_.Exception.Response.StatusCode
    Write-Host  $_.Exception.Response.StatusDescription
    $result = $_.Exception.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($result)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    $responseBody = $reader.ReadToEnd()
    Write-Host  $responseBody.errorCode " - " $responseBody.message
    foreach($modelState in $responseBody.modelState)
    {
        $modelState
    }
}

 

Expiring a Token

This script requires Secret Server 10.1 or later.
Copy 
try
{
    $api = "<Secret Server URL>/api/v1"
    $token = "<TOKEN>"
    
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization", "Bearer $token")

    foreach($user in $pagedUsers.records)
    {
        Write-Host $user.userName
    }

    # expire token
    Write-Host ""
    Write-Host "----- Expire Token -----"

    $expireToken = Invoke-RestMethod "$api/oauth-expiration" -Headers $headers -Method Post

    # This part should fail with a 403 Forbidden
    Write-Host ""
    Write-Host "----- Expect an error -----"

    $secrets = Invoke-RestMethod "$api/secrets" -Headers $headers
}
catch
{
    Write-Debug "----- Exception -----"
    Write-Host  $_.Exception.Response.StatusCode
    Write-Host  $_.Exception.Response.StatusDescription
    $result = $_.Exception.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($result)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    $responseBody = $reader.ReadToEnd() | ConvertFrom-Json
    Write-Host  $responseBody.errorCode " - " $responseBody.message
    foreach($modelState in $responseBody.modelState)
    {
        $modelState
    }
}

Add Folder

This script requires Verify Privilege Vault 10.1 or later.
Copy 
try
{
    $api = "<Secret Server URL>/api/v1"
    $token = "<TOKEN>"
    
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization", "Bearer $token")

    # Get Folder Stub
    $folderStub = Invoke-RestMethod $api"/folders/stub" -Method GET -Headers $headers -ContentType "application/json"

    $folderStub.folderName = <Your Folder Name>
    $folderStub.folderTypeId = 1
    $folderStub.inheritPermissions = $false
    $folderStub.inheritSecretPolicy = $false

    $folderArgs = $folderStub | ConvertTo-Json

    $folderAddResult = Invoke-RestMethod $api"/folders" -Method POST -Body $folderArgs -Headers $headers -ContentType "application/json"
    $folderId = $folderAddResult.id

    if($folderId-gt 1)
    {
        echo ""
        echo "-----------------------"
        echo "--Add Folder Successful--"
        echo "-----------------------"
        echo ""
        echo $folderAddResult | ConvertTo-Json
    }
}
catch [System.Net.WebException]
{
    Write-Host "----- Exception -----"
    Write-Host  $_.Exception
    Write-Host  $_.Exception.Response.StatusCode
    Write-Host  $_.Exception.Response.StatusDescription
    $result = $_.Exception.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($result)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    $responseBody = $reader.ReadToEnd()
    Write-Host  $responseBody.errorCode " - " $responseBody.message
    foreach($modelState in $responseBody.modelState)
    {
        $modelState
    }
}

 

Delete Folder

This script requires Verify Privilege Vault 10.1 or later.
Copy 
try
{
    $api = "<Secret Server URL>/api/v1"
    $token = "<TOKEN>"
    
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization", "Bearer $token")
    
    # Get Folder Stub
    $folderStub = Invoke-RestMethod $api"/folders/stub" -Method GET -Headers $headers -ContentType "application/json"
    
    $folderId = <Your Secret ID>
    
    $folderArgs = $folderStub | ConvertTo-Json
    
    $folderDelete = Invoke-RestMethod $api"/folders/$folderId" -Method DELETE -Body $folderArgs -Headers $headers -ContentType "application/json"
}
catch [System.Net.WebException]
{
    Write-Host "----- Exception -----"
    Write-Host  $_.Exception
    Write-Host  $_.Exception.Response.StatusCode
    Write-Host  $_.Exception.Response.StatusDescription
    $result = $_.Exception.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($result)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    $responseBody = $reader.ReadToEnd()
    Write-Host  $responseBody.errorCode " - " $responseBody.message
    foreach($modelState in $responseBody.modelState)
    {
        $modelState
    }
}

Get Folder

This script requires Verify Privilege Vault 10.1 or later.
Copy 
try
{
    $api = "<Secret Server URL>/api/v1"
    $token = "<TOKEN>"
    
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization", "Bearer $token")

    # Get Folder Stub
    $folderStub = Invoke-RestMethod $api"/folders/stub" -Method GET -Headers $headers -ContentType "application/json"

    $folderId = <Your Secret ID>

    $folderGetResult = Invoke-RestMethod $api"/folders/$folderid" -Method GET -Headers $headers -ContentType "application/json"

    if($folderGetResult.id -eq $folderId)
    {
        echo ""
        echo "-----------------------"
        echo "--Get Folder Successful--"
        echo "-----------------------"
        echo ""
        echo $folderGetResult | ConvertTo-Json
    }
}
catch [System.Net.WebException]
{
    Write-Host "----- Exception -----"
    Write-Host  $_.Exception
    Write-Host  $_.Exception.Response.StatusCode
    Write-Host  $_.Exception.Response.StatusDescription
    $result = $_.Exception.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($result)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    $responseBody = $reader.ReadToEnd()
    Write-Host  $responseBody.errorCode " - " $responseBody.message
    foreach($modelState in $responseBody.modelState)
    {
        $modelState
    }
}

 

Add Child Folder

This script requires Verify Privilege Vault 10.1 or later.
Copy 
try
{
    $api = "<Secret Server URL>/api/v1"
    $token = "<TOKEN>"
    
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization", "Bearer $token")

    # Get Folder Stub
    $folderStub = Invoke-RestMethod $api"/folders/stub" -Method GET -Headers $headers -ContentType "application/json"

    $folderStub.folderName = <Folder Name>
    $folderStub.folderTypeId = 1
    $folderStub.inheritPermissions = $false
    $folderStub.inheritSecretPolicy = $false
    $folderStub.parentFolderId = <Parent Folder ID>

    $folderArgs = $folderStub | ConvertTo-Json

    $folderChildAddResult = Invoke-RestMethod $api"/folders" -Method POST -Body $folderArgs -Headers $headers -ContentType "application/json"
    $childfolderId = $folderChildAddResult.id

    if($childfolderId-gt 1)
    {
        echo ""
        echo "-----------------------"
        echo "--Add Child Folder Successful--"
        echo "-----------------------"
        echo ""
        echo $folderChildAddResult | ConvertTo-Json
    }
}
catch [System.Net.WebException]
{
    Write-Host "----- Exception -----"
    Write-Host  $_.Exception
    Write-Host  $_.Exception.Response.StatusCode
    Write-Host  $_.Exception.Response.StatusDescription
    $result = $_.Exception.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($result)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    $responseBody = $reader.ReadToEnd()
    Write-Host  $responseBody.errorCode " - " $responseBody.message
    foreach($modelState in $responseBody.modelState)
    {
        $modelState
    }
}

 

Update Folder

This script requires Verify Privilege Vault 10.1 or later.
Copy 
try
{
    $api = "<Secret Server URL>/api/v1"
    $token = "<TOKEN>"

    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization", "Bearer $token")

    # Get Folder Stub
    $folderStub = Invoke-RestMethod "$api/folders/stub" -Method GET -Headers $headers -ContentType "application/json"

    $folderId = <Folder ID of folder to update>

    $folderStub.folderName = <Folder Name>
    $folderStub.folderTypeId = 1
    $folderStub.id = $folderId
    
    $folderUpdateArgs = $folderStub | ConvertTo-Json

    $folderUpdateResult = Invoke-RestMethod "$api/folders/$folderId" -Method PUT -Body $folderUpdateArgs -Headers $headers -ContentType "application/json"

    Write-Host $folderUpdateResult

    if($folderUpdateResult.folderId -eq $folderId)
    {
        echo ""
        echo "-----------------------"
        echo "--Update Folder Successful--"
        echo "-----------------------"
        echo ""
        echo $childFolderUpdateResult | ConvertTo-Json
    }
}
catch [System.Net.WebException]
{
    Write-Host "----- Exception -----"
    Write-Host  $_.Exception
    Write-Host  $_.Exception.Response.StatusCode
    Write-Host  $_.Exception.Response.StatusDescription
    $result = $_.Exception.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($result)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    $responseBody = $reader.ReadToEnd()
    Write-Host  $responseBody.errorCode " - " $responseBody.message
    foreach($modelState in $responseBody.modelState)
    {
        $modelState
    }
}

 

Search Folders

This script requires Verify Privilege Vault 10.1 or later.
Copy 
try
{
    $api = "<Secret Server URL>/api/v1"
    $token = "<TOKEN>"
    
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization", "Bearer $token")

    # Get Folder Stub
    $folderStub = Invoke-RestMethod $api"/folders/stub" -Method GET -Headers $headers -ContentType "application/json"

    $searchFilter ="?filter.searchText=<Search Text>"

    $searchResults = Invoke-RestMethod $api"/folders$searchFilter" -Method GET -Headers $headers -ContentType "application/json"
    $folder = $searchResults.records[0]
    echo $searchResults
    echo $folder

    $name =  <Folder Name>
    if($searchResults.total -gt 0 -and $folder.folderName -eq $name)
    {
        echo ""
        echo "------------------------------"
        echo "--Search Folder Successful--"
        echo "------------------------------"
        echo ""
        echo $group
    }
    else
    {
        Write-Error "ERROR: Failed to Search Folders."
        return
    }
}
catch [System.Net.WebException]
{
    Write-Host "----- Exception -----"
    Write-Host  $_.Exception
    Write-Host  $_.Exception.Response.StatusCode
    Write-Host  $_.Exception.Response.StatusDescription
    $result = $_.Exception.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($result)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    $responseBody = $reader.ReadToEnd()
    Write-Host  $responseBody.errorCode " - " $responseBody.message
    foreach($modelState in $responseBody.modelState)
    {
        $modelState
    }
}

 

Lookup Folders

This script requires Verify Privilege Vault 10.1 or later.
Copy 
try
{
    $api = "<Secret Server URL>/api/v1"
    $token = "<TOKEN>"
    
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization", "Bearer $token")

    # Get Folder Stub
    $folderStub = Invoke-RestMethod $api"/folders/stub" -Method GET -Headers $headers -ContentType "application/json"

    $lookupFilter = "?filter.searchText=<Search Text>"

    $lookupResults = Invoke-RestMethod $api"/folders/lookup$lookupFilter" -Method GET -Headers $headers -ContentType "application/json"
    $folder = $lookupResults.records[0]
    echo $lookupResults
    echo $folder

   if($searchResults.total -gt 0 -and $folder.value -eq $name)
   {
       echo ""
       echo "------------------------------"
       echo "--Lookup Folder Successful--"
       echo "------------------------------"
       echo ""
       echo $folder
   }
   else
   {
       Write-Error "ERROR: Failed to Lookup Folders."
       return
   }
}
catch [System.Net.WebException]
{
    Write-Host "----- Exception -----"
    Write-Host  $_.Exception
    Write-Host  $_.Exception.Response.StatusCode
    Write-Host  $_.Exception.Response.StatusDescription
    $result = $_.Exception.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($result)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    $responseBody = $reader.ReadToEnd()
    Write-Host  $responseBody.errorCode " - " $responseBody.message
    foreach($modelState in $responseBody.modelState)
    {
        $modelState
    }
}

 

Add Folder Permissions

This script requires Verify Privilege Vault 10.1 or later.
Copy 
try
{
    $api = "<Secret Server URL>/api/v1"
    $token = "<TOKEN>"
    
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization", "Bearer $token")

    # Get Folder Stub
    $folderStub = Invoke-RestMethod "$api/folders/stub" -Method GET -Headers $headers -ContentType "application/json"

    $folderId = <Your Folder ID>

    $folderPermissionCreateArgs = Invoke-RestMethod $api"/folder-permissions/stub?filter.folderId=$folderId" -Method GET -Headers $headers -ContentType "application/json"
    $folderPermissionCreateArgs.GroupId = <Group ID. $null if assigning by user.>
    $folderPermissionCreateArgs.UserId = <User ID. $null if assigning by group.>
    $folderPermissionCreateArgs.FolderAccessRoleName = <Role Name>
    $folderPermissionCreateArgs.SecretAccessRoleName = <Role Name>

    $permissionArgs = $folderPermissionCreateArgs | ConvertTo-Json

    $permissionResults = Invoke-RestMethod "$api/folder-permissions" -Method POST -Headers $headers -Body $permissionArgs -ContentType "application/json"
    if($permissionResults.FolderId -eq $folderId)
    {
        echo ""
        echo "-------------------------------------"
        echo "--Add Folder Permissions Successful--"
        echo "-------------------------------------"
        echo ""
        echo $permissionResults
    }
    else
    {
        Write-Error "ERROR: Failed to Add Folder Permissions."
        return
    }
    $folderPermissionId = $permissionResults.id
}
catch [System.Net.WebException]
{
    Write-Host "----- Exception -----"
    Write-Host  $_.Exception
    Write-Host  $_.Exception.Response.StatusCode
    Write-Host  $_.Exception.Response.StatusDescription
    $result = $_.Exception.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($result)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    $responseBody = $reader.ReadToEnd()
    Write-Host  $responseBody.errorCode " - " $responseBody.message
    foreach($modelState in $responseBody.modelState)
    {
        $modelState
    }
}

 

Delete Folder Permissions

This script requires Verify Privilege Vault 10.1 or later.
Copy 
try
{
    $api = "<Secret Server URL>/api/v1"
    $token = "<TOKEN>"

    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization", "Bearer $token")

    $folderId = <Folder ID of folder being modified>
    $userId = <User ID of the user being removed from folder>

    # Get Folder Stub
    $folderStub = Invoke-RestMethod "$api/folders/$folderId" -Method GET -Headers $headers -ContentType "application/json"
    
    $folderPermissionId = Invoke-RestMethod "$api/folder-permissions/$folderId/?filter.userId=$userId" -Method GET -Headers $headers -ContentType "application/json"

    $permissionDeleteResult = Invoke-RestMethod "$api/folder-permissions/$folderPermissionId" -Method DELETE -Headers $headers -ContentType "application/json"
    if($permissionDeleteResult.id -eq $folderPermissionId)
    {
        echo ""
        echo "----------------------------------------"
        echo "--Remove Folder Permissions Successful--"
        echo "----------------------------------------"
        echo ""
    }
    else
    {
        Write-Error "ERROR: Failed to Remove Folder Permissions."
        return
    }
}
catch [System.Net.WebException]
{
    Write-Host "----- Exception -----"
    Write-Host  $_.Exception
    Write-Host  $_.Exception.Response.StatusCode
    Write-Host  $_.Exception.Response.StatusDescription
    $result = $_.Exception.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($result)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    $responseBody = $reader.ReadToEnd()
    Write-Host  $responseBody.errorCode " - " $responseBody.message
    foreach($modelState in $responseBody.modelState)
    {
        $modelState
    }
}