Closed sudipto-roychoudhury closed 1 year ago
Get-AIMCredential
from our CredentialRetriever module has a ToCredential() method available to convert CLIPasswordSDK.exe output into the expected format.
Wow ! Great ! Just tried this out (CredentialRetriever's ToCredential() method) and it works like a charm.
Set-AIMConfiguration -ClientPath "C:\Program Files (x86)\CyberArk\ApplicationPasswordSdk\CLIPasswordSDK.exe"
$CPCredential = Get-AIMCredential -AppID blah -Safe ASafe -UserName imp_usr -RequiredProps Username,Address
$CPCredentialObj = $CPCredential.ToCredential()
New-PASSession -Credential $CPCredentialObj -BaseURI "https://pvwa"
Get-PASLoggedOnUser
Get-PASAccount -id XXXX
Thanks @pspete
Describe the issue Trying to authenticate using New-PASSession using local CyberArk creds passed as a PSCredential object fails.
To Reproduce Steps to reproduce the behavior: Using the code below :
$secpasswd = ConvertTo-SecureString $CybLocalpass -AsPlainText -Force
$psPASCreds = New-Object System.Management.Automation.PSCredential($CybLocaluser,$secpasswd)
New-PASSession -Credential $psPASCreds -BaseURI "https://pvwa"
The local password is retrieved using CyberArk's CLIPasswordSDK.exe whose output is stored in the variable $CybLocalpass so that password is not stored in plaintext in the script. I have verified that this output is the correct password which works when passed as a $PSCredential object using "Read-Host -AsSecureString". I need this to be working non-interactively and hence the above code.
Expected behavior A successful login via psPAS verified by Get-PASLoggedOnUser
Screenshots & Console Output
Your Environment Include relevant details about your environment
Additional context I am trying to set up a Windows Sch Task which will run a Powershell Script to query All CyberArk Accounts using the psPAS module and for this I am using a local CyberArk credential with Vault Admin permissions. Hence this needs to work non-interactively.