# The example shows how to modify an existing secret account in SecureAnyBox # If you want to use PowerShell commands to work with SecureAnyBox, first # install SABPowerShellModule.msi # First, we need to authenticate the user. Connect-Sab command connects to SecureAnyBox and # opens the login dialogue. # Due to security reasons, we strongly recommend not using an admin user account. # Create (or use) a user account with minimum permissions (READ and CREATE) only # for the destination Safe Box instead. $sabUrl = "http://127.0.0.1/sab" ## enter Url of SecureAnyBox $loginStatus = connect-sab $sabUrl # If the second-factor authentication is required, the set-2fa function # opens a dialogue for entering the code if ( $loginStatus.SecondFactorRequired ) { set-2fa } try{ # After the user logs in, it is necessary to get the id of secret account record to modify. # PowerShell commands Get-Records, Get-SafeBoxes and where-object are used to get record id # for a given record name. # When the response from the SecureAnyBox server is received, it is necessary to # check if the received id is valid and the script can continue $recordName = 'secret_account_name' $safeBoxes = Get-SafeBoxes | Get-SafeBoxes | Where-Object { $_.Type -eq "SAFEBOX" } $recordId = $safeBoxes | Get-Records | where-object { $_.Name -like $recordName -and $_.Template -eq 'AccountSec'} | Select-Object -expand id if ( $recordId -le 0 ) { Write-Host "Secret account '$recordName'not found." exit } # If multiple secret accounts with the same name found, it is necessary to select # which secret account should be modified. if ($recordId.GetType().Name -eq 'Object[]'){ Write-Host $recordId.count "secret accounts found." Write-Host "------------------------------------------" foreach ($id in $recordId){ Get-Record -Id $id Write-Host "------------------------------------------" } $selectId = Read-Host "Enter id of secret account to modify" if ($recordId.contains($selectId)){ $recordId = $selectId Write-Host "`nSecret account '$recordName' found. (id $recordId)`n" } else { Write-Host "`nEntered id is invalid ! `n" exit } } else{ Write-Host "Secret account '$recordName' found. (id $recordId)" } # Using the Get-Record command user obtains existing record from the SecureAnyBox into the $secAcc variable. # In the variable, it is possible to change all secret account record's values except the password. # To change the Password, use the Set-Password command instead. # Note: If you do not want to change any of the values, add the # character to the beginning of a specific line. $secAcc = Get-Record -Id $recordId #$secAcc.Name = "name of secret account" #$secAcc.Site = "site" $secAcc.Description = "description" $secAcc.Tags.Remove('tag1') $secAcc.Tags.Add('tag2') $secAcc.Note = "noteline1`nnoteline2" ## use `n to add new line $secAcc.Launcher = "NONE" ## select one of the values : NONE, REMOTE_DESKTOP, SSH, SFTP, SCP, TELNET, FTP, RASDIAL, WINBOX $secAcc.Attributes.'sec-serverAddress' = "serverAddress" $secAcc.Attributes.'sec-note' = "secretnoteline1`nline2" ## use `n to add new line $secAcc.Attributes.'sec-loginName' = "loginname" # To make change in any record, we need to know the id of record and changed variables. # PowerShell Set-Record function returns the secret account object. If the id from returned secret account # object is greater than zero, then the secret account record modification was successful. $newRec = $secAcc | Set-Record -Id $recordId $secAccountId = $newRec.id $secAccountName = $newRec.Name if ( $secAccountId -gt 0 ) { Write-Host "Secret Account '$secAccountName' modified. (id $secAccountId )" } } finally{ # When the connection is not needed anymore, disconnect from the SecureAnyBox server. $loginStatus = Disconnect-SAB if(! $loginStatus.Authenticated){ Write-Host "Disconnected from SecureAnyBox server" } }