Question Create and Update Entry via Powershell
Hello,
we try creating new entries and update via PowerShell.
Out current script looks like this:
$URL = "https://ourServer";
$pEntryName = "00001"
$diag = [ordered]@{}
try {
# Connect
$diag.Session = New-DSSession -BaseURI $URL -WindowsAuthentication
# Try get Entry by Name
$newEntry = Get-DSEntry -VaultID "00000000-0000-0000-0000-000000000000" -FilterMatch ExactExpression -FilterValue "$pEntryName"
if ($null -eq $newEntry){
# Entry not available - Create a new empty Entry inside desired vault
$newEntry = New-DSCredentialEntry -Name "$pEntryName" -VaultID "00000000-0000-0000-0000-000000000000"
$newEntry.connectionType = 26
# 5 - Website-Type
#26 - CredentialEntry
# --- User and Password
$newEntry.data | Add-Member -MemberType NoteProperty -Name "userName" -Value "MyNewUser"
$newEntry.data.passwordItem = @{hasSensitiveData = $false; sensitiveData = "MyNewPassword" }
#Convert to Json
$newEntryJson = $newEntry | ConvertTo-Json -Depth 100
# Update Entry on Server
Update-DSEntryBase -JsonBody $newEntryJson
}
else{
# Entry available - update password
$cred = $newEntry.data
$cred.passwordItem | Add-Member -MemberType NoteProperty -Name SensitiveData -Value "MyNewerPassword"
Update-DSEntryBase -JsonBody (ConvertTo-Json -InputObject $cred -Depth 4)
}
} catch {
$diag.Error = $_.Exception.Message
}
$diag.Error
When executing:
- Creation of entry succeeds
- Update of entry fails
- Error: … swordItem | Add-Member -MemberType NoteProperty -Name SensitiveData - …
- | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- | Cannot bind argument to parameter 'InputObject' because it is null.
- Error: … swordItem | Add-Member -MemberType NoteProperty -Name SensitiveData - …
I read from here: https://docs.devolutions.net/powershell/powershell-commands/update-dsentrybase/
Version: Current Version of DVLS, PowerShell-Modules, ...
Does anyone can give me a hint?
Best regards,
Torben
All Comments (15)
Hello,
Your thread has been moved to the PowerShell support forum.
The way you're trying to update the credential doesn't work because Get-DSEntry doesn't return the right type of object.
To update a credential entry's password, you can try something like the following:
$credObject = $newEntry.data | Convert-XMLToPSCustomObject; $credConnection = [Devolutions.RemoteDesktopManager.Business.CredentialsConnection]$credObject.Connection.Credentials; $credConnection.Password = "MyNewestPassword"; $credObject.Connection.Credentials.SafePassword = $credConnection.SafePassword; $newCredXml = $credObject | Convert-PSCustomObjectToXML; $newEntry.Data = $newCredXml.OuterXml; Update-DSEntryBase -FromRDMConnection $newEntry
Best regards,
Christian
Hi @Christian Robert ,
thank you for your assistance - that way it works as expected.
Perhaps you can give me a hint, if there is some documentation available?
Currently I'm havong the same thing with CustomField1 (Title, Value and Visibility).
Best regards,
Torben
Hello Torben,
Here are a few examples of how to modify an existing entry's custom field values.
To modify a custom field which has already been set on the entry:
$credEntry = Get-DSEntry -VaultID $vaultId -FilterMatch ExactExpression -FilterValue $entryName; $credObject = $credEntry.data | Convert-XMLToPSCustomObject; $credObject.Connection.MetaInformation.CustomField1Title = "UpdatedTitle"; $credObject.Connection.MetaInformation.CustomField1Value = "UpdatedValue"; $newCredXml = $credObject | Convert-PSCustomObjectToXML; $credEntry.Data = $newCredXml.OuterXml; Update-DSEntryBase -FromRDMConnection $credEntry;
If a custom field hasn't been set, the related attributes likely won't show up in the MetaInformation object. In that case, you'll need to add them manually:
Add-Member -InputObject $credObject.Connection.MetaInformation -MemberType NoteProperty -Name "CustomField1Title" -Value "FirstFieldTitle"; Add-Member -InputObject $credObject.Connection.MetaInformation -MemberType NoteProperty -Name "CustomField1Value" -Value "FirstFieldContent";
To modify a custom field's value if it's set as sensitive, you'll need to encrypt it. Here's how:
$credObject.Connection.MetaInformation.SafeCustomField1ValueSensitive = [Devolutions.RemoteDesktopManager.Business.ConnectionMetaInformation]::FilterCustomFieldValueSensitive("NewSensitiveData");
To switch a field from plain-text to sensitive:
$credObject.Connection.MetaInformation = $credObject.Connection.MetaInformation | Select-Object * -ExcludeProperty CustomField1Value;
Add-Member -InputObject $credObject.Connection.MetaInformation -MemberType NoteProperty -Name "CustomField1Hidden" -Value "true";
$sensitiveData = [Devolutions.RemoteDesktopManager.Business.ConnectionMetaInformation]::FilterCustomFieldValueSensitive("NewSensitiveData");
Add-Member -InputObject $credObject.Connection.MetaInformation -MemberType NoteProperty -Name "SafeCustomField1ValueSensitive" -Value $sensitiveData;
One last note: the MetaInformation field should show up if the entry has a password history (ie. if its password has been set at any point in the past) or existing custom fields. If neither of these are present, the MetaInformation might not appear. In this case, you can just do the following to create it:
Add-Member -InputObject $credObject.Connection -MemberType NoteProperty -Name "MetaInformation" -Value ([PSCustomObject]@{})
Best regards,
Christian
Hello Torben,
Here are a few examples of how to modify an existing entry's custom field values.
To modify a custom field which has already been set on the entry:
$credEntry = Get-DSEntry -VaultID $vaultId -FilterMatch ExactExpression -FilterValue $entryName;
$credObject = $credEntry.data | Convert-XMLToPSCustomObject;
$credObject.Connection.MetaInformation.CustomField1Title = "UpdatedTitle";
$credObject.Connection.MetaInformation.CustomField1Value = "UpdatedValue";
$newCredXml = $credObject | Convert-PSCustomObjectToXML;
$credEntry.Data = $newCredXml.OuterXml;
Update-DSEntryBase -FromRDMConnection $credEntry;
If a custom field hasn't been set, the related attributes likely won't show up in the MetaInformation object. In that case, you'll need to add them manually:
Add-Member -InputObject $credObject.Connection.MetaInformation -MemberType NoteProperty -Name "CustomField1Title" -Value "FirstFieldTitle";
Add-Member -InputObject $credObject.Connection.MetaInformation -MemberType NoteProperty -Name "CustomField1Value" -Value "FirstFieldContent";
To modify a custom field's value if it's set as sensitive, you'll need to encrypt it. Here's how:
$credObject.Connection.MetaInformation.SafeCustomField1ValueSensitive = [Devolutions.RemoteDesktopManager.Business.ConnectionMetaInformation]::FilterCustomFieldValueSensitive("NewSensitiveData");
To switch a field from plain-text to sensitive:
$credObject.Connection.MetaInformation = $credObject.Connection.MetaInformation | Select-Object * -ExcludeProperty CustomField1Value;
Add-Member -InputObject $credObject.Connection.MetaInformation -MemberType NoteProperty -Name "CustomField1Hidden" -Value "true";
$sensitiveData = [Devolutions.RemoteDesktopManager.Business.ConnectionMetaInformation]::FilterCustomFieldValueSensitive("NewSensitiveData");
Add-Member -InputObject $credObject.Connection.MetaInformation -MemberType NoteProperty -Name "SafeCustomField1ValueSensitive" -Value $sensitiveData;
One last note: the MetaInformation field should show up if the entry has a password history (ie. if its password has been set at any point in the past) or existing custom fields. If neither of these are present, the MetaInformation might not appear. In this case, you can just do the following to create it:
Add-Member -InputObject $credObject.Connection -MemberType NoteProperty -Name "MetaInformation" -Value ([PSCustomObject]@{})
Best regards,
Christian
@Christian Robert
Dear Christian,
yes - that did it 😃
Thank you very much.
I would appreciate to have such information in Examples on GitHub, also the ones concerning the usage and availability of the pure Devolutions.Powershell-Functions .
Best regards,
Torben
Hi @Christian Robert ,
do you know if there is a similar functionallity for WebConnections as the one you showed me for Credential Connections?
$credObject = $newEntry.data | Convert-XMLToPSCustomObject; $credConnection = [Devolutions.RemoteDesktopManager.Business.CredentialsConnection]$credObject.Connection.Credentials; $credConnection.Password = "MyNewestPassword";
Best regards,
Torben
Hello Torben,
Thanks for the suggestion; we'll be adding related examples to GitHub and to the cmdlet documentation in PowerShell.
Yes, there's a broadly similar process for website-type entries. Here's an example:
$webObject = $webEntry.Data | Convert-XMLToPSCustomObject; $webConnection = [Devolutions.RemoteDesktopManager.Business.WebConnection]$webObject.Connection.Web; $webConnection.Password = "MyNewPassword"; $webObject.Connection.Web.SafePassword = $webConnection.SafePassword; $newWebXml = $webObject | Convert-PSCustomObjectToXML; $webEntry.Data = $newWebXml.OuterXml; Update-DSEntryBase -FromRDMConnection $webEntry;
Best regards,
Christian
Hello @Christian Robert ,
that works like a charme for the password.
I only saw property $webConnection.OtpKey which does not lead to an encrypted SafeKey but to an encrypted SafeOtpKey.
So, concerning OTP I tried to adapt by using [Devolutions.RemoteDesktopManager.Business.OTP]$webObject.Connection.OTP but failed. Also searching forum / examples ...
Do you have an idea on how to change the OtpKey for a WebBrowser-entry?
Best regards,
Torben
Hello Torben,
There's currently no way to set a website entry's OTP key from the DS cmdlets.
However, within the RDM cmdlets, Set-RDMEntryOTP will receive an update in the next major release permitting this.
Best regards,
Christian
Hello Torben,
There's currently no way to set a website entry's OTP key from the DS cmdlets.
However, within the RDM cmdlets, Set-RDMEntryOTP will receive an update in the next major release permitting this.
Best regards,
Christian
@Christian Robert
Hello Christian,
if there would be a way just to crypt the key to the correct value for OTP (Webbrowser seems to crypt different from credential), I'll do the rest.
Best regards,
Torben
Hello Torben,
There's currently no way to set a website entry's OTP key from the DS cmdlets.
However, within the RDM cmdlets, Set-RDMEntryOTP will receive an update in the next major release permitting this.
Best regards,
Christian
@Christian Robert
Sorry for intruding in this thread, but is this also the reason why I can't get the OTP key to update on a username/password credential with Set-RDMEntryOTP? It appears to only work on OTP entries.
Sorry for intruding in this thread, but is this also the reason why I can't get the OTP key to update on a username/password credential with Set-RDMEntryOTP? It appears to only work on OTP entries.
@JelmerJ
Hi Jelmer,
have you tried Christians answer from the beginning? This way you should be able to set a credentials TOTP.
Best regards,
Torben
@torben
Hello Torben,
It's precisely this encryption process which, for OTP keys, can't currently be securely accessed. Apologies. As mentioned, Set-RDMEntryOTP will be updated to enable this soon; we're also considering (in a further update) a DS cmdlet which would enable field modification in a way which would bypass this issue.
@JelmerJ
Hello Jelmer,
Yes, the cmdlet was previously only for OTP entries; in the upcoming update it'll be broadened to work on multiple other entry types, including use/pass credentials and websites.
Best regards,
Christian
Hello @Christian Robert ,
thanks for your explanation and patience ;-)
I would suggest as a feature-request, that it should be possible to also encrypt OTP-Keys by a pure PowerShell-Functionallity in Memory, without the requirement to write it to some entry.
Best regards,
Torben
Hello Torben,
Thanks for the request, it's a good idea. We'll consider the best way to proceed with this issue.
Best regards,
Christian
Hello,
Version 2025.3.4 of the PowerShell module adds Set-DSEntryProperty, enabling users to modify an entry object’s properties more easily. The GitHub examples related to these operations will be updated shortly.
Best regards,
Christian