class Secreto

Secreto is a ruby class to interact with Thycotic Secret Server

Supported Operations

Public Class Methods

new(wsdl, ssl_verify_mode, ssl_version)

Constructor

# File lib/secreto.rb, line 15
def initialize(wsdl, ssl_verify_mode, ssl_version)
  @@wsdl=wsdl
  @@ssl_verify_mode=ssl_verify_mode
  @@ssl_version=ssl_version
  client = Savon.client(wsdl: @@wsdl, ssl_verify_mode: :none, ssl_version: :TLSv1)
  @@secretTemplates = []
end

Public Instance Methods

Authenticate(username, password, domain)

Authenticates with Secret Server

Attributes

  • username - Username for Secret Server

  • password - Password

  • domain - Domain Name

# File lib/secreto.rb, line 30
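# Authenticates with Secret Server and caches the session token in @@token.
#
# The Savon client is built from the ssl_verify_mode / ssl_version given to
# the constructor instead of the literal `ssl_verify_mode: :none,
# ssl_version: :TLSv1`, which disabled certificate verification on the very
# request that carries the password.
#
# @param username [String] Secret Server user name
# @param password [String] password for that user
# @param domain [String] domain name
# @return [String] the token returned by the Authenticate operation
# @raise [RuntimeError] when the response carries no token
def Authenticate(username, password, domain)
  client = Savon.client(wsdl: @@wsdl,
                        ssl_verify_mode: @@ssl_verify_mode,
                        ssl_version: @@ssl_version)

  response = client.call(:authenticate, message: {
    username: username,
    password: password,
    organization: "",
    domain: domain
  })

  result = response.to_hash[:authenticate_response][:authenticate_result]
  @@token = result[:token]
  raise "Secret Server Authenticate returned no token" if @@token.nil?

  # Presumably populates @@secretTemplates, which createSecret reads to map
  # field display names to field ids -- defined elsewhere in this class.
  getSecretTemplates()
  @@token
end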
GetSecretByHostName(hostName, objectType)

Retrieve the secret details

Attributes

  • hostName - Name of the Secret to search

  • objectType - Object type, for example Machine

# File lib/secreto.rb, line 117
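# Looks a secret up by a field value and returns its details.
#
# Searches with GetSecretsByFieldValue, takes the first <Id> of the response
# and hands it to GetSecret (defined elsewhere in this class). The unused
# `thesame` lambda of the original has been dropped.
#
# @param hostName [String] search term, e.g. the name of the secret
# @param objectType [String] name of the field to search, e.g. Machine
# @return [Object, nil] whatever GetSecret returns, or nil when nothing matched
def GetSecretByHostName(hostName, objectType)
  client = Savon.client(wsdl: @@wsdl,
                        ssl_verify_mode: @@ssl_verify_mode,
                        ssl_version: @@ssl_version,
                        convert_request_keys_to: :none)
  response = client.call(:get_secrets_by_field_value, message: {
    token: @@token,
    fieldName: objectType,
    searchTerm: hostName
  })

  doc = Nokogiri::XML.parse(response.to_xml)
  # Only the first <Id> is used; the search may match more than one secret.
  first_id = doc.xpath('//foo:Id', 'foo' => 'urn:thesecretserver.com').first
  return nil if first_id.nil? || first_id.content.nil?

  GetSecret(first_id.content)
end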
createFolder(folderName, parentFolder)

Create a Folder

Attributes

  • folderName - Name of the folder you want to create

  • parentFolder - Parent folder name (give the full path, e.g. /TOPLEVEL/Folder 1/Folder 2)

# File lib/secreto.rb, line 140
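# Creates a folder below an existing parent folder.
#
# The original started with `thesame = lambda { |key| hostName }`, a dead
# lambda referencing an undefined name; it has been removed. The Savon client
# now uses the constructor's ssl_verify_mode / ssl_version rather than the
# literal `:none` / `:TLSv1`.
#
# @param folderName [String] name of the folder to create
# @param parentFolder [String] full path of the parent, e.g. /TOPLEVEL/Folder 1
# @return [nil] the parsed response is printed; nil when the parent is missing
def createFolder(folderName, parentFolder)
  # getFolder (defined elsewhere in this class) resolves a path to an id.
  parentId = getFolder(parentFolder)
  if parentId.nil?
    print "Parent Folder #{parentFolder} doesn't exist"
    return nil
  end

  client = Savon.client(wsdl: @@wsdl,
                        ssl_verify_mode: @@ssl_verify_mode,
                        ssl_version: @@ssl_version,
                        convert_request_keys_to: :none)
  response = client.call(:folder_create, message: {
    token: @@token,
    folderName: folderName,
    parentFolderId: parentId,
    folderTypeId: 1
  })
  doc = Nokogiri::XML.parse(response.to_xml)
  puts doc
end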
createSecret(folderName, secretType, secretName, fieldKeys, fieldValues)

Create a Secret

Attributes

  • folderName - Folder name where the secret will be added (give the full path, e.g. /TOPLEVEL/Folder 1/Folder 2)

  • secretType - Secret type, for example Password or Active Directory Account

  • secretName - Name of Secret

  • fieldKeys - List of Items in secret

  • fieldValues - Value of secret Items

# File lib/secreto.rb, line 248
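# Creates a secret from a named template by posting a hand-built AddSecret
# SOAP envelope.
#
# Caller-supplied values (secret name, field values, ids, token) are escaped
# with xmlText before being placed in the envelope; the original concatenated
# them raw, so a value containing '<' or '&' produced a malformed or altered
# request. The Savon client uses the constructor's ssl_verify_mode /
# ssl_version instead of the literal `:none` / `:TLSv1`.
#
# @param folderName [String] full folder path, e.g. /TOPLEVEL/Folder 1/Folder 2
# @param secretType [String] template name, matched against @@secretTemplates
# @param secretName [String] name of the new secret
# @param fieldKeys [Array<String>] display names of the template fields to set
# @param fieldValues [Array] one value per entry of fieldKeys
# @return [nil] the raw response XML is printed; nil (after a printed message)
#   when the inputs do not match the template or the folder is not found
def createSecret(folderName, secretType, secretName, fieldKeys, fieldValues)
  if fieldKeys.length != fieldValues.length
    print "For each key there should be a value [" + fieldKeys.join(",") + " != " + fieldValues.join(",") + "]\n"
    return nil
  end

  template = @@secretTemplates.find { |t| t['Name'] == secretType }
  if template.nil?
    print "secretType " + secretType + " is not available" + "\n"
    return nil
  end
  templateId = template['Id']
  # assumes 'SecretField' is an Array of field hashes -- TODO confirm against
  # what getSecretTemplates stores
  templateFields = template['Fields']['SecretField']

  # Every field whose DisplayName equals a requested key contributes its id,
  # in key order; a key with no match leaves the list short.
  fieldIds = fieldKeys.flat_map do |fkey|
    templateFields.select { |field| field['DisplayName'] == fkey }.map { |field| field['Id'] }
  end
  if fieldIds.length != fieldKeys.length
    print "Not all secretField were found [" + fieldKeys.join(",") + "]\n"
    return nil
  end

  # getFolder (defined elsewhere in this class) resolves a path to an id.
  folderId = getFolder(folderName)
  if folderId.nil?
    print "Folder " + folderName + " is not found"
    return nil
  end

  xmlString = addSecretEnvelope(templateId, secretName, fieldIds, fieldValues, folderId)

  client = Savon.client(wsdl: @@wsdl,
                        ssl_verify_mode: @@ssl_verify_mode,
                        ssl_version: @@ssl_version)
  response = client.call(:add_secret, xml: xmlString)
  puts response.to_xml
end

# Builds the AddSecret envelope used by createSecret (internal helper).
#
# The element layout is kept exactly as the original built it, including the
# outer <ns1:token> that wraps secretTypeId/secretName/.../folderId and is
# closed after folderId. NOTE(review): that wrapper looks unintended, but it
# is what this class sends today, so it is preserved here -- confirm against
# the server's AddSecret schema before changing it.
#
# @return [String] the complete SOAP envelope
def addSecretEnvelope(templateId, secretName, fieldIds, fieldValues, folderId)
  secretFieldIds = "<ns1:secretFieldIds>" +
                   fieldIds.map { |fid| "<ns1:int>#{xmlText(fid)}</ns1:int>" }.join +
                   "</ns1:secretFieldIds>"
  secretItemValues = "<ns1:secretItemValues>" +
                     fieldValues.map { |fval| "<ns1:string>#{xmlText(fval)}</ns1:string>" }.join +
                     "</ns1:secretItemValues>"

  [
    '<?xml version="1.0" encoding="utf-8"?>',
    '<SOAP-ENV:Envelope xmlns:ns0="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="urn:thesecretserver.com" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">',
    '<SOAP-ENV:Header/>',
    '  <ns0:Body>',
    '    <ns1:AddSecret>',
    "      <ns1:token><ns1:token>#{xmlText(@@token)}</ns1:token>",
    "      <ns1:secretTypeId>#{xmlText(templateId)}</ns1:secretTypeId>",
    "      <ns1:secretName>#{xmlText(secretName)}</ns1:secretName>",
    secretFieldIds,
    secretItemValues,
    "      <ns1:folderId>#{xmlText(folderId)}</ns1:folderId>",
    '    </ns1:token>',
    '    </ns1:AddSecret>',
    '  </ns0:Body>',
    '</SOAP-ENV:Envelope>'
  ].join
end

# Escapes a value for use as XML text content (internal helper).
#
# @param value [Object] converted with to_s, then & < > " ' are escaped
# @return [String]
def xmlText(value)
  require 'cgi' # the file's require block is not visible on this page
  CGI.escapeHTML(value.to_s)
end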