PowerShell-Synchronzer - Cannot use $PASSWORD$-variable in script
PowerShell-Synchronzer - Cannot use $PASSWORD$-variable in script
Hello Fevolutions community,
i hope you can help with me with my little issue. I am building a syncronizer from our network management system (NMS) to import switches as SSH-sessions into RDM. The import itselfs works without any issues. As i tried to polish the syncronizer (i don`t want to leave the password in plain text in the script) i wanted to pass through the password for the REST-user on our NMS, but its not working.
I am currently using RDM 2025.3.22.0 with DVLS 2025.3.8.0 as our datasource. On the datasource i enabled the option for allowing to use the $PASSWORD$-variable in macros, scripts an so on. I didn`t find any another option in vault- orentry-settings which blocks the usage of this variable.
Here are the script parts where i try to set variables for the credentials:
$nmsUsername = '$USERNAME$' # working
$nmsPassword = '$PASSWORD$' # not working
$nmsPassword = ConvertTo-SecureString '$PASSWORD$' -AsPlainText -Force # also not working
Maybe some has encountered a similar issue and can help me.
Thanks in advance for the help.
Greetings from Germany,
Markus
All Comments (7)
Hello,
Thank you for reaching out regarding this,
Would you be able to provide us with the script in question so that we can have a look?
Let me know,
Best regards,
Samuel Dery
Hello Samuel,
here is the complete script, but i had cencsor some information due to their sensitivity.
$NMSUsername = '<userName>'
$NMSPassword = '<plain Password>'
#variable passthrough from RDM - currently not working
#$NMSUsername = '$USERNAME$' #working
#$NMSPassword = '$PASSWORD$' #not working
#$NMSPassword = ConvertTo-SecureString '$PASSWORD$' -AsPlainText -Force #not working
#getting token for REST-Requests
$token = Invoke-RestMethod -Uri "https://<ip NMS>/api/login" -Method Post -SkipCertificateCheck -Body ('{"userName":"' + $NMS Username + '","password":"' + $NMSPassword + '"}') -ContentType "application/json"
$headers = @{
Authorization=("Bearer " + $token.accessToken)
}
#getting devices
$devices = Invoke-RestMethod -Uri "https://<ip NMS>/api/devices" -SkipCertificateCheck -Headers $headers -ContentType "application/json"
#creating entries in RDM
Foreach ($device in $devices.response) {
$session = $RDM.Add($device.friendlyName)
$session.Host = $device.ipAddress
}
The script itself is working without issues when i leave the credentials as plain text in the script. Only if i try passing through the password for the REST-user (Line 6 or 7 - their are not commented out when i test) the script stops working and i am getting an HTTP-error (Code 401), because the authentification fails in line 10.
Thanks for the help.
Best regards,
Markus
Hello Markus,
Thank you for your reply,
Could you confirm how the "Credentials" field is setup in your entry Properties? Are you using the "Linked Vault" option? If so, inside the Linked credentials entry "Properties" under "Security Settings" is the option "Allow password in variable" enabled?
Let me know,
Best regards,
Samuel Dery
Hello Samuel,
sorry for my late response, somehow i didn`t get notified that a their was activity on this post.
I am using a linked credential from the same vault where the syncronizer ist locataed. In the credential the checkbox for "Allow password in variable" is enabled. When i click on the syncronizers dashboard the credentials are also shown. I also added some screenshots as attachments.
Best regards,
Markus
screenshot_settings.png
screenshot_syncronizer_dashboard.png
screenshot_passwort_variable_allowed.png
Hello,
Thank you for your reply,
I see, would retrieving the Credentials from the entry directly instead of using variables work for you in this case?
Something like this for example:
# pick the credential entry you want $credEntry = Get-RDMEntry -ID 'CredentialsEntryID' # read username & password (as strings) $user = $credEntry | Get-RDMEntryUsername $pass = $credEntry | Get-RDMEntryPassword -AsPlainText # build a PSCredential $sec = ConvertTo-SecureString $pass -AsPlainText -Force $cred = [pscredential]::new($user, $sec)
Let me know,
Best regards,
Samuel Dery
Hallo Samuel,
tanks for your suggestion. Unfortunately i getting this an error when i try your variant:
Skript konnte nicht ausgeführt werden: Could not load type 'Devolutions.RemoteDesktopManager.Theme' from assembly 'RemoteDesktopManager.Core, Version=2025.3.25.0, Culture=neutral, PublicKeyToken=null'. At line:1 char:1 + Import-Module Devolutions.PowerShell + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo: NotSpecified: (:) [Import-Module], TypeLoadException The 'Get-RDMEntry' command was found in the module 'Devolutions.PowerShell', but the module could not be loaded due to the following error: [Could not load type 'Devolutions.RemoteDesktopManager.Theme' from assembly 'RemoteDesktopManager.Core, Version=2025.3.25.0, Culture=neutral, PublicKeyToken=null'.] For more information, run 'Import-Module Devolutions.PowerShell'. At line:4 char:14 + $credEntry = Get-RDMEntry -ID '0519bef6-8edf-4c37-9d9c-a586862f0d01' + ~~~~~~~~~~~~ + CategoryInfo: ObjectNotFound: (Get-RDMEntry:String) [], CommandNotFoundException The 'Get-RDMEntryUsername' command was found in the module 'Devolutions.PowerShell', but the module could not be loaded due to the following error: [Could not load type 'Devolutions.RemoteDesktopManager.Theme' from assembly 'RemoteDesktopManager.Core, Version=2025.3.25.0, Culture=neutral, PublicKeyToken=null'.] For more information, run 'Import-Module Devolutions.PowerShell'. At line:6 char:35 + $omnivistaUsername = $credEntry | Get-RDMEntryUsername + ~~~~~~~~~~~~~~~~~~~~ + CategoryInfo: ObjectNotFound: (Get-RDMEntryUsername:String) [], CommandNotFoundException The 'Get-RDMEntryPassword' command was found in the module 'Devolutions.PowerShell', but the module could not be loaded due to the following error: [Could not load type 'Devolutions.RemoteDesktopManager.Theme' from assembly 'RemoteDesktopManager.Core, Version=2025.3.25.0, Culture=neutral, PublicKeyToken=null'.] For more information, run 'Import-Module Devolutions.PowerShell'. At line:7 char:35 + $omnivistaPassword = $credEntry | Get-RDMEntryPassword -AsPlainText + ~~~~~~~~~~~~~~~~~~~~ + CategoryInfo: ObjectNotFound: (Get-RDMEntryPassword:String) [], CommandNotFoundException
I also tried to load the module "Devolutions.PowerShell" with the command "Import-Module Devolutions.PowerShell" in the first line of the script, but i didn´t make a difference. Still getting the same error. I am asuming due to security restriction through our internal group policies i am gettings this error. I believe this solution approach won´t work in my case.
In the meantime i was able to find another workaround. i used the userdefined fields in the syncronizer-entry for storing the credentials. Their variables can be pared into the script without issues.
But i am still wondering why the "$Password$"-variable isn´t working. Is there any way to find out whats blocking the use of the variable?
Best regards,
Markus
Hello Markus,
Thank you for your reply,
I see, I'm glad to hear you were able to find a workaround,
No problem, we can continue to investigate this, I will do some additional tests on my end and keep you updated regarding this,
Best regards,
Samuel Dery