PowerShell script exchange
Post Reply
rnickle
Novice
Posts: 3
Liked: never
Joined: May 14, 2021 3:47 pm
Full Name: Richard Nickle
Contact:

v11 Add-VBRCredentials Powershell Usability and Enhancements

Post by rnickle »

My use model:

$ Add-VBRCredentials -Type LinuxPublicKey -User veeamuser -PrivateKeyPath C:\windows\veeam\ssh\veeamusr_id_rsa -ElevateToRoot -Password "" -Passphrase $PASSPHRASE

Repeat two more times:

$ Add-VBRCredentials -Type LinuxPublicKey -User veeamuser -PrivateKeyPath C:\windows\veeam\ssh\veeamusr_id_rsa -ElevateToRoot -Password "" -Passphrase $PASSPHRASE
$ Add-VBRCredentials -Type LinuxPublicKey -User veeamuser -PrivateKeyPath C:\windows\veeam\ssh\veeamusr_id_rsa -ElevateToRoot -Password "" -Passphrase $PASSPHRASE

$ Get-VBRCredentials -Name veeamusr

Name Description
---- -----------
veeamusr Created by Powershell at 5/14/2021 11:38:26 AM.
veeamusr Created by Powershell at 5/14/2021 11:36:51 AM.
veeamusr Created by Powershell at 5/14/2021 12:19:02 PM.
  • get-vbrcredentials does not have a feature to return the private key submitted, so I cannot programmatically determine if an existing key has the same private key or if it needs to be updated.
Suggestions:
  • New Add-VBRCredentials flag '-update' overwrites existing credential with unique key being the name
  • New Add-VBRCredentials flag '-unique' returns error code if credential already exists in the desired state
  • New Get-VBRCredentials flag '-privatekeyhash' that returns a SHA256 hash of the key to enable validation
In lieu of that, it looks like my best option would be to store the hash in the description field.

Thank you,

Rick

Referencing:

powershell-f26/add-vbrcredentials-crede ... 18758.html

Internal Reference:

BSE-10950
HannesK
Product Manager
Posts: 14287
Liked: 2877 times
Joined: Sep 01, 2014 11:46 am
Full Name: Hannes Kasparick
Location: Austria
Contact:

Re: v11 Add-VBRCredentials Powershell Usability and Enhancements

Post by HannesK » 1 person likes this post

Hello,
when I use Linux credentials via PowerShell I put all necessary information into the description. Maybe that could be a workaround for you.

Best regards,
Hannes
oleg.feoktistov
Veeam Software
Posts: 1912
Liked: 635 times
Joined: Sep 25, 2019 10:32 am
Full Name: Oleg Feoktistov
Contact:

Re: v11 Add-VBRCredentials Powershell Usability and Enhancements

Post by oleg.feoktistov »

Hi Richard,

I'll take some time to recheck if there is a way to determine a private ket file hash internally and let you know.
Meanwhile, could you please elaborate on the points below? I'm not quite sure I understood their aim:
New Add-VBRCredentials flag '-update' overwrites existing credential with unique key being the name
New Add-VBRCredentials flag '-unique' returns error code if credential already exists in the desired state
Thanks,
Oleg
rnickle
Novice
Posts: 3
Liked: never
Joined: May 14, 2021 3:47 pm
Full Name: Richard Nickle
Contact:

Re: v11 Add-VBRCredentials Powershell Usability and Enhancements

Post by rnickle »

Thanks Oleg,

I think your question exposes that my idea for 'Add-VBRCredentials -update' is invalid, because that functionality would belong to 'Set-VBRCredentials'.

So what I think would be useful for my case is:

* Add-VBRCredential -unique "fields" [-other_args]

And the purpose of this flag would be to ensure that a script can easily determine if a credential in that state already exists.

In this situation, if a credential already existed which matched the fields passed in other_args, it would return an error indicating that the requested credential with that 'key' already existed.

Example:

[ initial state no credentials exist ]

$ add-vbrcredential -unique user,description,type -user veeamuser -password '' -description 'veeam user' -type linuxpubkey -privatekey '<KEY>'
$ echo $?
True

Would add the credential, because the tuple 'user,description,type' does not exist.

Running the same things again would fail, because now the tuple would exist:

$ add-vbrcredential -unique user,description,type -user veeamuser -password '' -description 'veeam user' -type linuxpubkey -privatekey '<KEY>'
$ echo $?
False

But running with a different value in the tuple would succeed (if you needed to have multiple keys, for example):

$ add-vbrcredential -unique user,description,type -user veeamuser -password '' -description 'veeam user FF883C' -type linuxpubkey -privatekey '<KEY>'
$ echo $?
True

The workaround is to write pretty much the same code as described Hannes.

Thank you and have a nice day,

Rick

powershell-f26/add-vbrcredentials-crede ... 18758.html
oleg.feoktistov
Veeam Software
Posts: 1912
Liked: 635 times
Joined: Sep 25, 2019 10:32 am
Full Name: Oleg Feoktistov
Contact:

Re: v11 Add-VBRCredentials Powershell Usability and Enhancements

Post by oleg.feoktistov »

I think such parameters are out of scope of addition cmdlets in general. This is more of a job for filtering, which can be adjusted natively:

Code: Select all

$creds = Get-VBRCredentials -Name 'useraccount'
$detected = @()
foreach ($cred in $creds) {
  if ($cred.Description -eq 'hash1') {
    $detected += $cred
  }
}

if ($detected -ne $null) {
 Write-Host Record with such hash already exists -Foreground Red
}

else {
 Add-VBRCredentials -User 'useraccount' -Password xxxx -Type LinuxPubKey -Description 'hash1'
 Write-Host Added successfully -ForegroundColor Red
} 
Thanks!
Post Reply

Who is online

Users browsing this forum: No registered users and 28 guests