
Passwordstate Password Integration

Sorry wasn't sure where to put this.


I've created a script to integrate with Passwordstate for password retrieval. (attached)


It requires use of my PasswordState-management powershell module to use. Details here: https://github.com/dnewsholme/PasswordState-Management


Powershell Gallery Link: https://www.powershellgallery.com/packages/passwordstate-management/2.0.0


Feel free to use/alter as you like.







Hope it helps.



rdfe

You can disregard - I solved it by updating the PasswordState-Management scripts that were updated 4 days ago on GitHub.


Resolution Note:

Run PowerShell as admin and execute the following:


Install-Module -Name PasswordState-Management -Force

This should install over the current script version to the latest version. The new 4.4.34 works with PasswordState v9 just fine.




1 person likes this

Found the problem: your script either uses TLS 1.0 by default or somewhere it is set to that. We have disabled all old unsupported protocols, which means it kept failing. Adding [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 to the top of the rdfe import forces it to use 1.2 and everything is happy again!


1 person likes this

I've updated the code to work with the latest module version and sort by folder.

The pull request should be merged by the Royal TS team in the next couple of days.

https://github.com/royalapplications/toolbox/pull/18


Until then you can grab it from my fork.


https://github.com/dnewsholme/toolbox/blob/master/Dynamic%20Folder/PasswordState/PasswordState.rdfe



1 person likes this

Is that the dynamic cred script you put above? If so you are returning too much info.


It should look like this:


 

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$ErrorActionPreference = "Stop"
$results = Get-PasswordStatePassword -Title "$DynamicCredential.EffectiveID$"
$results.Password = $results.GetPassword()
$results | Select-Object Username,Password | ConvertTo-Json -Depth 100 | Write-Output

  


1 person likes this

Thanks for that, I knew I was close but not quite there, that worked perfectly, star!


1 person likes this

@daryl or @Matthew - Are either of you still using PasswordState and have you upgraded to v9 yet? I'm running into an error with the PowerShell script @daryl attached to this post, and it was working with PasswordState v8.


Error

 

Cannot convert value "@{PasswordListID=20; PasswordList=Location2; TreePath=\Location1\Location2; PasswordID=725; Title=NAME-OF-ENTRY; Domain=;

HostName=; UserName=ACCOUNT; Description=; GenericField1=; GenericField2=; GenericField3=; GenericField4=; GenericField5=;

GenericField6=; GenericField7=; GenericField8=; GenericField9=; GenericField10=; GenericFieldInfo=System.Object[]; AccountTypeID=0; Notes=;

URL=https://somewebsite; Password=CREDENTIAL; ExpiryDate=; AllowExport=True; AccountType=; OTP=}" to type

"PasswordResult".

 



Current Dynamic Folder PowerShell Script

  

$ErrorActionPreference = "Stop"
$results = Get-PasswordStatePassword -preventauditing
$credentials = @()
foreach ($item in $results) {
    if ($item.Notes -like "-----BEGIN RSA PRIVATE KEY----*") {
        $credentials += [pscustomobject]@{
            Type           = "Credential"
            Name           = $item.Title
            Username       = $item.Username
            Password       = $item.GetPassword()
            ID             = $item.PasswordID
            KeyFileContent = $item.Notes
            Path           = $item.TreePath
        }
  
    }
    else {
        $credentials += [pscustomobject]@{
            Type     = "Credential"
            Name     = $item.Title
            Username = $item.Username
            Password = $item.GetPassword()
            ID       = $item.PasswordID
            Path     = $item.TreePath
        }
   
    }
}


$final = [pscustomobject]@{
    Objects = $credentials
}
$final | ConvertTo-Json -Depth 100 | Write-Output

  

Yep, early Passwordstate v9 support was added last week.

I have modified the code to get it grouped by folder. I had one other thing that's bugging me: when I create the dynamic folder, give it a name and add the code, it creates a subfolder named "PasswordState" inside the first folder, and that folder is not persistent with its settings. If I enable auto refresh, for example, it fails to update it when I close/open Royal TS. Also, the subfolder is slightly frustrating.


Is there any way I can contribute the modified code to group by folder?

Thanks for getting this to work fellas.


Out of curiosity - is it by design that when you close out of the TS document that the passwordstate credentials do not save to the individual connections?  It seems I get an [unknown credential] whenever I reopen my TS file and would have to re-assign credentials each time.


Curious to know if there's any way around that or if I'm not doing something right - if it's not by design.


Thanks!

Use "Specify a credential name" rather than selecting it from the list. That way, when the password list refreshes, as long as the name is the same it will use it correctly; if the name changes you will run into issues.

That's a good workaround if you can work with credential names. The reason for this is that the credential id is stored in the connection. Depending on the PAM system, the dynamic folder script cannot always ensure the same id is generated for the same object. If you are using a PAM where the object id of the credential is a GUID, you can use the same GUID in the JSON output for the credential. In this case you can assign the credential to the connection directly. Some PAM systems do not use GUIDs for their object IDs and in this case a new GUID might be generated.

Yeah I have had issues when closing and opening it when the credential was saved directly to the connection but so far never had a problem with using the credential name, works every time for me (provided the connection to the PAM is working)

So this one has stopped working for me, installed the latest version of the script and the folder just throws an error with code on line 159 but there is no line 159 in the dynamic folder script.

Windows PowerShell uses TLS 1.0 by default and you have to force it to TLS 1.2 with the method above unless you have forced .NET Framework 4 to use strong crypto by default.


# set strong cryptography for 32-bit .NET Framework applications on 64-bit Windows (Wow6432Node view, version 4 and above)
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord

# set strong cryptography for the native registry view (64-bit applications on 64-bit Windows, version 4 and above)
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord
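An added example (not from the original posts or the PasswordState-Management module) that reads the two settings discussed in this thread before the dynamic folder script runs: the SchUseStrongCrypto value in both registry views and the session's current SecurityProtocol. It adds TLS 1.2 to the session without removing whatever is already enabled; the function names are assumptions.

```powershell
# Added example; Get-StrongCryptoState and Enable-Tls12ForSession are hypothetical names.
$views = [ordered]@{
    'Native view'      = 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319'
    'Wow6432Node view' = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319'
}

function Get-StrongCryptoState {
    param([System.Collections.IDictionary]$RegistryPaths)
    foreach ($entry in $RegistryPaths.GetEnumerator()) {
        $value = $null
        if (Test-Path -Path $entry.Value) {
            # Read-only lookup; a missing value leaves $value as $null.
            $prop = Get-ItemProperty -Path $entry.Value -Name 'SchUseStrongCrypto' -ErrorAction SilentlyContinue
            if ($prop) { $value = $prop.SchUseStrongCrypto }
        }
        $shown = if ($null -eq $value) { 'not set' } else { $value }
        [pscustomobject]@{
            View               = $entry.Key
            SchUseStrongCrypto = $shown
            StrongCrypto       = ($value -eq 1)
        }
    }
}

function Enable-Tls12ForSession {
    $current = [int][Net.ServicePointManager]::SecurityProtocol
    $tls12   = [int][Net.SecurityProtocolType]::Tls12
    # 0 is SystemDefault, which leaves the protocol choice to the OS; leave it alone.
    if ($current -ne 0 -and ($current -band $tls12) -eq 0) {
        # -bor keeps the protocols already enabled and adds TLS 1.2.
        [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]($current -bor $tls12)
    }
    [Net.ServicePointManager]::SecurityProtocol
}

Get-StrongCryptoState -RegistryPaths $views | Format-Table -AutoSize
"Session protocols after check: $(Enable-Tls12ForSession)"
```

The registry lookup changes nothing on the machine, and the SecurityProtocol change lasts only for the current PowerShell session.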

Thanks, Fellas. Worked out great!
