search

aaearon / SecretManagement.CyberArk

A SecretManagement extension for CyberArk.
https://timschindler.blog/secretmanagementcyberark-an-extension-for-the-secretmanagement-powershell-module
MIT License
12 stars 0 forks source link

Improve flexibility to grab an account credential via Get-Secret #2

Closed aaearon closed 3 years ago

aaearon commented 3 years ago

Problem

Get-PASAccount -search is used to get an account ID that is later passed to Get-PASAccountPassword to retrieve the credential. Get-Secret is meant to return only a single Secret but depending on the search Get-PASAccount can return more than one result so we just return the first one. As an account's name property is, by default, not searchable via the CyberArk API it can be very difficult to craft a search query that returns exactly one account.

Ideas

psPAS.CyberArk.Vault.Account.V10 in pipeline

It would be convenient to be able to pass a [psPAS.CyberArk.Vault.Account.V10] to Get-Secret which would then get the credential for that account.

Example

Get-PASAccount -search root | Where-Object {$_.address -eq 'specificServer2'} | Get-Secret -AdditionalParameters @{Reason='Maintenance task'}

Allow Get-PASAccount parameters to be passed in AdditionalParameters for Get-Secret

Get-PASAccount enables a person to pass multiple parameters that could result in a single account being returned. We should enable users to pass the same parameters they are familiar with from Get-PASAccount in AdditionalParameters.

Example

Get-Secret -Name admin -AdditionalParameters @{searchType='startswith'}

aaearon commented 3 years ago

takes a single result from Get-PASAccount e7feb403447036a5c45a0c2630a32e531b232c10