Emergency scenario export DVLS vault(s) protected with password

Hello freddy1,

Thank you for reaching out to the Devolutions support team.

You can automate the export by using a PowerShell script.
With the PowerShell module and the application identity, you can configure a Windows task to run automatically.

https://docs.devolutions.net/powershell/rdm-powershell/powershell-scripting/powershell-module/
https://docs.devolutions.net/server/web-interface/administration/security-management/applications/

You can use the cmdlet Export-RDMVault or Export-RDMSession.

Let me know if you have any questions about it.

Best regards,

Hi Patrick,

When I try to export a vault with:

Export-RDMVault -ID xx -Path "D:\Export\xx.rdx" -IncludeAttachments -IncludeCredentials -IncludeDocumentation -IncludeFavorite -Password $secure 

I get the following error:

Export-RDMRepository: Command available with an advanced data source only

What do I need to change to get this working?

I get this error based on a new-dssession based on credential

New-DSSession -BaseUri "https://x.x" -Credential (Get-Credential)

I just made a new application identity to make a session based on api:

New-DSSession -ApiKey xxx -BaseUri "https://x.x"

But then I get:

New-DSSession: The API key appears to be invalid. Please ensure the key is valid and has the required permissions at the user or system settings level.

The API key is valid so I don't know what's causing this issue.

Hello hjbos,

Thank you for this feedback.

The application identity needs to be a member of an admin group in DVLS.
Or you can assign permission to this entity to execute a specific task on your database.

Best regards,

Hi Patrick,

I made the application Identity member of an admin group in DVLS. I still get:

The API key appears to be invalid. Please ensure the key is valid and has the required permissions at the user or system settings level.

Hello hjbos,

Thank you for this feedback.

Could you make sure the app key and app secret are set properly in this script?

$env:DS_URL= "https://localhost/dvls"
$env:DS_USER = "your_appkey"
$env:DS_PASSWORD = "your_appsecret"

[string]$Username = $env:DS_USER
[string]$Password = $env:DS_PASSWORD
[string]$DVLSUrl = $env:DS_URL

[securestring]$SecPassword = ConvertTo-SecureString $Password -AsPlainText -Force
[pscredential]$Creds = New-Object System.Management.Automation.PSCredential ($Username, $SecPassword)

$Response = New-DSSession -Credential $Creds -BaseURI $DVLSUrl -AsApplication

Best regards,

Hello,

Authentication works wel, I can get a list of all vaults or PAM users with this accounts so the connection to DLVS is good with the follow commands:

Get-DSPamAccount -AsBasicInformation
Get-DSVault -all

But when I make a export of the vault with this command:

Set-RDMCurrentRepository -ID xxx
Export-RDMVault -ID xxx -Path "D:\Export\xx.rdx" -IncludeAttachments -IncludeCredentials -IncludeDocumentation -IncludeFavorite -Password $secure 

I get the following error:

Export-RDMRepository: Command available with an advanced data source only

It looks that the Export-RDMRepository only looks to a local datasource and not the New-DSSession -Credential $Creds -BaseURI $DVLSUrl -AsApplication

Get-RDMDataSource

ID          : 242739bc-6503-4f9f-9fd5-b177dc1fa799
IsConnected : True
IsOffline   : False
Name        : Local data source
Type        : SQLite

Our do I make a mistake?

Hello Freddy1,

Thank you for your feedback.

With the Devolutions PowerShell module, you need to use the cmdlet based on your connection method.
To clarify:
Get-RDM* = RDM and requires establishing a connection with Set-RDMCurrentDataSource.
Get-DS* = This is the method I shared with $Response = New-DSSession -Credential $Creds -BaseURI $DVLSUrl -AsApplication.
Get-Hub* = This is for Hub Business.

To use the RDM cmdlet with an application identity, you must configure it manually in RDM by navigating to File -> Data sources -> Edit -> PowerShell.
Alternatively, you can create it in RDM using PowerShell to connect to your DVLS.

https://docs.devolutions.net/powershell/dvls-powershell/powershell-connectivity/#method-1-using-remote-desktop-manager-cmdlets

Best regards,

Hi Patrick,

There is no option to export a vault through the API of Devolutions Server? In this case we need to install the RDM client on our Devoltions server to get this working and this is not a configuration we like to use.

Hello,

Thank you for this feedback.

You don't need to install RDM on the server.
By following the first method, you can create a data source information in the %localappdata% without installing RDM.
https://docs.devolutions.net/powershell/dvls-powershell/powershell-connectivity/

By setting the application identity to your data source information, you only have to use:
$dsname = "DVLS PowerShell"
$ds = Get-RDMDataSource -Name $dsname
Set-RDMCurrentDataSource $ds

To connect and execute your scripts.

Best regards,