
Passwordstate Password Integration

Sorry wasn't sure where to put this.


I've created a script to integrate with Passwordstate for password retrieval. (attached)


It requires use of my PasswordState-management PowerShell module to use. Details here: https://github.com/dnewsholme/PasswordState-Management


PowerShell Gallery Link: https://www.powershellgallery.com/packages/passwordstate-management/2.0.0


Feel free to use/alter as you like.







Hope it helps.




I was bitten by the [unknown credential] issue using the 1Password rdf integration. Either missed it in the docs, or was not aware that specifying a credential would lose me all those credentials after making the connection to 1Password (though in all fairness to me, the product does list it correctly when selecting it... e.g.


/rootdocument/1Password (Python)/credential_name


Is this still a bug, or are we supposed to use specify credential name? (which, btw, does not list the full path in case of name collisions)






I couldn't say for sure as I've never used 1Password but I think it's likely you would.

Hi Andrew,


As the "Use an existing credential" functionality references the GUID of the credential, can you please try switching to "Specify a credential name", to see if this resolves the issue?


Just make sure that the credential name in your Royal TS session is unique, for this to work.


I hope this helps!


Best regards,

Christoph

So this one has stopped working for me, installed the latest version of the script and the folder just throws an error with code on line 159 but there is no line 159 in the dynamic folder script.

@daryl or @Matthew - Are either of you still using PasswordState and have you upgraded to v9 yet? I'm running into an error with the PowerShell script @daryl attached to this post and it was working with PasswordState v8.


Error

 

Cannot convert value "@{PasswordListID=20; PasswordList=Location2; TreePath=\Location1\Location2; PasswordID=725; Title=NAME-OF-ENTRY; Domain=;
HostName=; UserName=ACCOUNT; Description=; GenericField1=; GenericField2=; GenericField3=; GenericField4=; GenericField5=;
GenericField6=; GenericField7=; GenericField8=; GenericField9=; GenericField10=; GenericFieldInfo=System.Object[]; AccountTypeID=0; Notes=;
URL=https://somewebsite; Password=CREDENTIAL; ExpiryDate=; AllowExport=True; AccountType=; OTP=}" to type
"PasswordResult".

 



Current Dynamic Folder PowerShell Script

  

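# Abort on the first error so a failed lookup is reported instead of producing partial JSON.
$ErrorActionPreference = "Stop"
# Requires the passwordstate-management module (see the links in the first post).
$results = Get-PasswordStatePassword -preventauditing
$credentials = @()
foreach ($item in $results) {
    # Entries whose Notes field starts with an RSA private key header also pass the key on as KeyFileContent.
    if ($item.Notes -like "-----BEGIN RSA PRIVATE KEY----*") {
        $credentials += [pscustomobject]@{
            Type           = "Credential"
            Name           = $item.Title
            Username       = $item.Username
            Password       = $item.GetPassword()
            ID             = $item.PasswordID
            KeyFileContent = $item.Notes
            Path           = $item.TreePath
        }
    }
    else {
        $credentials += [pscustomobject]@{
            Type     = "Credential"
            Name     = $item.Title
            Username = $item.Username
            Password = $item.GetPassword()
            ID       = $item.PasswordID
            Path     = $item.TreePath
        }
    }
}

# Royal TS reads the dynamic folder content as JSON with a top-level Objects array.
$final = [pscustomobject]@{
    Objects = $credentials
}
$final | ConvertTo-Json -Depth 100 | Write-Output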

  

Thanks, Fellas. Worked out great!

Yeah I have had issues when closing and opening it when the credential was saved directly to the connection but so far never had a problem with using the credential name, works every time for me (provided the connection to the PAM is working)

That's a good workaround if you can work with credential names. The reason for this is that the credential id is stored in the connection. Depending on the PAM system, the dynamic folder script cannot always ensure the same id is generated for the same object. If you are using a PAM where the object id of the credential is a GUID, you can use the same GUID in the JSON output for the credential. In this case you can assign the credential to the connection directly. Some PAM systems do not use GUIDs for their object IDs and in this case a new GUID might be generated.
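
An added example, not part of the original post or of the script attached to this thread: when the PAM's object IDs are integers (as PasswordID is in the error output above), one way to emit the same GUID on every refresh is to derive it deterministically from that ID. It assumes Royal TS keeps a GUID supplied in the ID field, as the reply above describes; ConvertTo-StableGuid, the namespace string and the sample entries are hypothetical, and the duplicate-name check covers the "Specify a credential name" route.

```powershell
# Added example (not the thread's script). ConvertTo-StableGuid is a hypothetical helper.
function ConvertTo-StableGuid {
    param(
        [Parameter(Mandatory)] [string] $Namespace,  # assumed label for this PAM instance
        [Parameter(Mandatory)] [string] $ObjectId    # the PAM's own object id, e.g. PasswordID
    )
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $hash = $sha.ComputeHash([System.Text.Encoding]::UTF8.GetBytes("$Namespace/$ObjectId"))
    }
    finally { $sha.Dispose() }
    # A GUID is 16 bytes: use the first 16 bytes of the digest as 32 hex digits.
    $hex = [System.BitConverter]::ToString($hash, 0, 16).Replace('-', '')
    return [guid]::ParseExact($hex, 'N')
}

# Constructed sample entries standing in for Get-PasswordStatePassword output
# (Password is left out of this sample on purpose).
$items = @(
    [pscustomobject]@{ PasswordID = 725; Title = 'NAME-OF-ENTRY'; UserName = 'ACCOUNT';  TreePath = '\Location1\Location2' }
    [pscustomobject]@{ PasswordID = 726; Title = 'NAME-OF-ENTRY'; UserName = 'ACCOUNT2'; TreePath = '\Location1\Location3' }
)

# Name-based assignment only works when names are unique, so report collisions.
$duplicates = $items | Group-Object -Property Title | Where-Object { $_.Count -gt 1 }
foreach ($group in $duplicates) {
    Write-Warning ("Credential name '{0}' is used by PasswordIDs {1}" -f $group.Name, ($group.Group.PasswordID -join ', '))
}

$credentials = foreach ($item in $items) {
    [pscustomobject]@{
        Type     = 'Credential'
        Name     = $item.Title
        Username = $item.UserName
        # Same namespace + PasswordID gives the same GUID on every refresh.
        ID       = (ConvertTo-StableGuid -Namespace 'passwordstate-example' -ObjectId $item.PasswordID).ToString()
        Path     = $item.TreePath
    }
}

[pscustomobject]@{ Objects = @($credentials) } | ConvertTo-Json -Depth 100
```

Running it twice prints identical ID values for both entries, and the warning flags the shared title that would make name-based lookup ambiguous.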

Use "Specify a credential name" rather than selecting it from the list. That way, when the password list refreshes, as long as the name is the same it will use it correctly; if the name changes you will run into issues.

Thanks for getting this to work fellas.


Out of curiosity - is it by design that when you close out of the TS document that the passwordstate credentials do not save to the individual connections?  It seems I get an [unknown credential] whenever I reopen my TS file and would have to re-assign credentials each time.


Curious to know if there's any way around that or if I'm not doing something right - if it's not by design.


Thanks!

I just merged the pull request. Thanks, Daryl. I really appreciate your contribution!

Great work thanks, I realised what I had done wrong in regards to the sub folder, I pasted the code in myself rather than importing it so all is good now.

I have modified the code to get it grouped by folder. I had one other thing that's bugging me: when I create the dynamic folder, give it a name, and add the code, it creates a sub folder named "PasswordState" inside the first folder, and that folder is not persistent with its settings. If I enable auto refresh, for example, it fails to update it when I close/open RoyalTS. Also, the sub folder is slightly frustrating.


Is there any way I can contribute the modified code to group by folder in any way?

So I have this working and it's fantastic, but I was wondering if it's possible to group by the folders and organisation that is present in Passwordstate. It just gives me a huge list of passwords without any structure (we have ours grouped in folders and password lists).
