Skip to content

Instantly share code, notes, and snippets.

@infamousjoeg
Last active December 7, 2021 11:04
Show Gist options
  • Save infamousjoeg/9a1b9352d4c653ca9898a073fd3a5ed3 to your computer and use it in GitHub Desktop.
Save infamousjoeg/9a1b9352d4c653ca9898a073fd3a5ed3 to your computer and use it in GitHub Desktop.
CyberArk Safe Search & Permission Granting
Import-Module psPAS
### VARIABLES
# Base URI to PVWA as validated on the certificate
$baseURI = "https://cyberark.joegarcia.dev"
# API Automation Username
$userName = "Svc_RESTAPI"
### LOGIN
try {
New-PASSession -Credential $apiCredentials -BaseURI $baseURI -Type CyberArk -ErrorAction Stop
Write-Host "Securely logged into CyberArk Web Services"
} catch {
Write-Host "[ ERROR ] Could not login to CyberArk Web Services" -ForegroundColor Red
Exit
}
### SEARCH FOR SAFE
try {
$safesFound = Find-PASSafe -search "P-WND-DOM" -ErrorAction Stop
Write-Host "Found " + $safesFound.Length + " safes."
} catch {
Write-Host "[ ERROR ] Could not find any safes." -ForegroundColor Red
}
foreach ($safeName in $safesFound.SafeName) {
### SEARCH FOR API AUTOMATION USER ON SAFE
try {
Get-PASSafeMember -member $userName -Safe $safeName -ErrorAction Stop 
} catch {
try {
Add-PASSafeMember -SafeName $safeName -MemberName $userName -SearchIn "Vault" -ListAccounts $true `
-AddAccounts $true -UpdateAccountContent $true -UpdateAccountProperties $true -InitiateCPMAccountManagementOperations $true `
-ManageSafeMembers $true -ViewAuditLog $true -ViewSafeMembers $true `
-AccessWithoutConfirmation $true -ErrorAction Stop
Write-Host "Added the API Automation User to ${safeName}."
} catch {
Write-Host "[ ERROR ] Could not add API Automation User member to safe" -ForegroundColor Red
Exit
}
}
}
### LOGOUT
try {
Close-PASSession -ErrorAction Stop
Write-Host "Logged off CyberArk Web Services"
} catch {
Write-Host "[ ERROR ] Could not logoff CyberArk Web Services - auto-logoff will occur in 20 minutes" -ForegroundColor Red
Exit
}
Write-Host "Script complete!" -ForegroundColor Green
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment