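# Example: modify an existing certificate record in SecureAnyBox.
#
# To use PowerShell commands with SecureAnyBox, first install
# SABPowerShellModule.msi.
#
# Flow: connect and authenticate -> find the certificate record by name ->
# store the Access Code -> change the record's fields -> optionally upload a
# new certificate file -> disconnect.

# First, the user must be authenticated. Connect-Sab connects to SecureAnyBox
# and opens the login dialogue.
# For security reasons, we strongly recommend not using an admin user account.
# Create (or use) a user account with minimum permissions (READ and CREATE)
# only for the destination Safe Box instead.
#
# NOTE(review): the sample URL is plain HTTP on the loopback address. The login,
# the Access Code and the secured fields all travel over this connection, so
# use an https:// URL for any server that is not on the local machine.
$sabUrl = "http://127.0.0.1/sab" ## enter Url of SecureAnyBox
$loginStatus = Connect-Sab $sabUrl

# If second-factor authentication is required, Set-2fa opens a dialogue for
# entering the code.
if ($loginStatus.SecondFactorRequired) {
    Set-2fa
}

try {
    # After the user logs in, look up the id of the certificate record to modify.
    # Get-SafeBoxes, Get-Records and Where-Object are used to get the record id
    # for a given record name. Once the server has answered, check that the
    # received id is valid before the script continues.
    $recordName = 'certificate_name'
    $safeBoxes = Get-SafeBoxes | Get-SafeBoxes | Where-Object { $_.Type -eq "SAFEBOX" }
    $recordId = $safeBoxes |
        Get-Records |
        Where-Object { $_.Name -like $recordName -and $_.Template -eq 'Cert' } |
        Select-Object -ExpandProperty id

    # No match leaves $recordId as $null, which compares as less than 0.
    # PowerShell runs the finally block below even when 'exit' is called here,
    # so the session is still disconnected.
    if ($recordId -le 0) {
        Write-Host "Certificate '$recordName'not found."
        exit
    }

    # If multiple certificates with the same name are found, the user has to
    # select which certificate should be modified.
    if ($recordId -is [array]) {
        Write-Host $recordId.Count "certificates found."
        Write-Host "------------------------------------------"
        foreach ($id in $recordId) {
            Get-Record -Id $id
            Write-Host "------------------------------------------"
        }

        # Read-Host returns a string. The -contains operator converts it to the
        # type of the stored ids before comparing, whereas the array's
        # .Contains() method compares type-strictly and would reject a correctly
        # typed id when the ids are numeric (the -le 0 / -gt 0 checks in this
        # script suggest they are).
        $selectId = (Read-Host "Enter id of certificate to modify").Trim()
        if ($recordId -contains $selectId) {
            $recordId = $selectId
            Write-Host "`nCertificate '$recordName' found. (id $recordId)`n"
        }
        else {
            Write-Host "`nEntered id is invalid ! `n"
            exit
        }
    }
    else {
        Write-Host "Certificate '$recordName' found. (id $recordId)"
    }

    # Set-AccessCode prompts the user to enter the Access Code and stores it on
    # the SecureAnyBox server for the given number of seconds. A stored Access
    # Code allows saving secured fields to a record and uploading a certificate
    # file. Keep the timeout as short as the remaining steps allow.
    Set-AccessCode -Timeout 60 ## == value of timeout in seconds

    # Get-Record loads the existing record from SecureAnyBox into $cert.
    # All values of the certificate record except the certificate file can be
    # changed through this variable.
    # Note: to leave a value unchanged, comment out its line(s) with '#'.
    $cert = Get-Record -Id $recordId
    #$cert.Name = "certificate Name"
    $cert.Description = "description"
    $cert.Tags.Remove('tag1') ## each tag must be added individually
    $cert.Tags.Add('tag2')
    $cert.Note = "noteline1`nnoteline2"
    $cert.Attributes.alias = "certificate alias"
    $cert.Attributes.'sec-note' = "sec-note12`nsec-note22"

    # The certificate file password is a secret: prompt for it instead of
    # keeping it as a literal in the script, where it would end up in source
    # control, backups and shared copies. The value is converted to plain text
    # only at the moment it is assigned to the record.
    # (Comment out both lines to leave the stored password unchanged.)
    $filePassword = Read-Host "Enter certificate file password" -AsSecureString
    $cert.Attributes.filePassword = (New-Object System.Net.NetworkCredential('', $filePassword)).Password

    # To change a record, Set-Record needs the record id and the changed values.
    # Set-Record returns the certificate object; an id greater than zero in the
    # returned object means the modification was successful. Only after that
    # check is the certificate file replaced by uploading a new one.
    $newRec = $cert | Set-Record -Id $recordId
    $certId = $newRec.id
    $certName = $newRec.Name
    if ($certId -gt 0) {
        Write-Host "Certificate '$certName' modified. (id $certId )"
    }
    else {
        # Do not attempt the upload with an id the server did not confirm.
        Write-Host "Certificate '$recordName' was not modified."
        exit
    }

    ## Decide, whether the certificate file should be changed (0 = false, 1 = true)
    $uploadFile = 1
    ## enter full path of file to store in SecureAnyBox
    $certPath = "full certificate file path"
    if ($uploadFile -eq 1) {
        Set-File -Id $certId $certPath
        Write-Host "File '$certPath' uploaded to file record '$certName'."
    }
}
finally {
    # When the connection is not needed anymore, disconnect from the
    # SecureAnyBox server. This runs on every exit path of the try block.
    $loginStatus = Disconnect-SAB
    if (-not $loginStatus.Authenticated) {
        Write-Host "Disconnected from SecureAnyBox server"
    }
}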