我是PowerShell,Thycotic Secret Server和编写API的新手。我的任务是编写一个API,以远程访问Thycotic Secret Server,并将机密信息与附件一起上传。不幸的是,我还没有出发。我在这里遵循代码:
https://thycotic.force.com/support/s/article/REST-API-PowerShell-Scripts-Getting-Started
我已抄下: 3 –搜索秘密 4 –创建秘密和
从此处获取令牌: https://thycotic.force.com/support/s/article/Secret-Server-Trial-Using-the-API
并已为每个函数创建函数。我所做的唯一更改是更改了myurl,myusername和mypassword。
这是我的PowerShell脚本:
$myUrl = "mysecretserver/Login.aspx?ReturnUrl=%2f"
$application = "https://mysecretserver/Login.aspx?ReturnUrl=%2fsecretserver"
# Ask for user name
$userName = Read-Host -Prompt "Please enter user name"
$userPassword = Read-Host -AsSecureString "Password"
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
Get-Token
Search-Secrets $userName,$userPassword
Create-Secret $userName,$userPassword
当我运行Get-Token时(未对下载的代码进行任何更改)
function Get-Token
{
[CmdletBinding()]
Param(
[Switch] $UseTwoFactor
)
$creds = @{
username = $userName
password = $userPassword
grant_type = "password"
};
$headers = $null
If ($UseTwoFactor) {
$headers = @{
"OTP" = (Read-Host -Prompt "Enter your OTP for 2FA (displayed in your 2FA app): ")
}
}
try
{
$response = Invoke-RestMethod "$application/oauth2/token" -Method Post -Body $creds -Headers $headers;
$token = $response.access_token;
return $token;
}
catch
{
$result = $_.Exception.Response.GetResponseStream();
$reader = New-Object System.IO.StreamReader($result);
$reader.BaseStream.Position = 0;
$reader.DiscardBufferedData();
$responseBody = $reader.ReadToEnd() | ConvertFrom-Json
Write-Host "ERROR: $($responseBody.error)"
return;
}
}
似乎运行正常,但是当我显示$ token时,它为空。 我不是100%不确定这样做是什么,并且看了很多示例,但是似乎缺少读取令牌和使用令牌访问秘密服务器的基本步骤。任何帮助将不胜感激。
答案 0 :(得分:0)
用服务器的FQDN代替您的Secret Server URL,而不是在浏览器中获得的Web URL。您需要确保Secret Server地址正确,否则它将无法访问API(并且可能无法正常运行,这就是为什么您看不到Get-Token函数的任何错误的原因)。
例如,代替:
$application = "https://mysecretserver/Login.aspx?ReturnUrl=%2fsecretserver"
可能是这样的:
$application = "https://mysecretserver.mydomain.com"