To better support TPP as well as Venafi as a Service, this project has been renamed to VenafiPS and moved to a new project.
This project will stay live for a while, but please submit all issues and questions to the new project. The new VenafiPS module has already been published to PowerShellGallery.
Documentation can be found at http://venafitppps.readthedocs.io or by using built-in PowerShell help. Every effort has been made to document each parameter and provide good examples.
OS | PowerShell Version Tested | Status |
---|---|---|
Windows | 5.1 | Working! |
Windows | Core 6.2.3+ | Working! |
MacOS | Core 6.2.3+ | Working! |
Linux (Ubuntu 18.04) | Core 6.2.3+ | Working! |
VenafiTppPS is published to the PowerShell Gallery. The most recent version is listed in the badge 'powershell gallery' above and can be viewed by clicking on it. To install the module, you need to have PowerShell installed first. On Windows, PowerShell will already be installed. For Linux or macOS, you will need to install PowerShell Core; follow those links for guidance. Once PowerShell is installed, start a PowerShell prompt and execute

```powershell
Install-Module -Name VenafiTppPS
```

which will install from the gallery.
Start a new PowerShell prompt (even if you have one from the `Install-Module` step) and create a new VenafiTppPS session with

```powershell
$cred = Get-Credential
New-TppSession -Server 'venafi.mycompany.com' -Credential $cred
```

This will create a session which will be used by default in other functions.
You can also use integrated authentication; simply exclude `-Credential $cred`. As of v2.0, token-based authentication has been added as well.
View the help on all the ways you can create a new TPP session with `help New-TppSession -full`.
One of the easiest ways to get started is to use `Find-TppObject`:

```powershell
$allPolicy = Find-TppObject -Path '\ved\policy' -Recursive
```

This will return all objects in the Policy folder. You can also search from the root folder, \ved.
To find a certificate object, not retrieve an actual certificate, use:

```powershell
$cert = Find-TppCertificate -Limit 1
```

Check out the parameters for `Find-TppCertificate` as there's an extensive list to search on.
Now you can take that certificate 'TppObject' and find all log entries associated with it:

```powershell
$cert | Read-TppLog
```

You can also have multiple sessions at once, either to the same server with different credentials or different servers. This can be helpful to determine the difference between what different users can access or perhaps compare folder structures across environments. The below will compare the objects one user can see vs. another.

```powershell
# assume you've created 1 session already as shown above...
$user2Cred = Get-Credential # specify credentials for a different/limited user

# get a session as user2 and save the session in a variable
$user2Session = New-TppSession -ServerUrl 'https://venafi.mycompany.com' -Credential $user2Cred -PassThru

# get all objects in the Policy folder for the first user
$all = Find-TppObject -Path '\ved\policy' -Recursive

# get all objects in the Policy folder for user2
$all2 = Find-TppObject -Path '\ved\policy' -Recursive -TppSession $user2Session

Compare-Object -ReferenceObject $all -DifferenceObject $all2 -Property Path
```

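
For an access review, the raw comparison above is easier to read once each differing path is labelled with the session that can see it and grouped by policy folder. The following is an added example, not code from the VenafiTppPS project: `Get-TppVisibilityDiff` is a hypothetical helper, and the sample paths are constructed stand-ins for the two `Find-TppObject` results so the block runs without a TPP server.

```powershell
# Hypothetical helper (not part of VenafiTppPS): labels each differing path by
# the session that can see it and by its enclosing policy folder.
function Get-TppVisibilityDiff {
    param(
        [object[]] $FirstSession,   # e.g. $all from the comparison above
        [object[]] $SecondSession,  # e.g. $all2 from the comparison above
        [int] $FolderDepth = 3      # leading path segments that identify a folder
    )

    # A session that can see nothing yields $null, which Compare-Object rejects;
    # normalise both inputs to (possibly empty) arrays first.
    $ref  = @($FirstSession  | Where-Object { $_ })
    $diff = @($SecondSession | Where-Object { $_ })

    Compare-Object -ReferenceObject $ref -DifferenceObject $diff -Property Path |
        ForEach-Object {
            $segments = $_.Path.Trim('\').Split('\')
            [pscustomobject]@{
                Folder    = '\' + (($segments | Select-Object -First $FolderDepth) -join '\')
                Path      = $_.Path
                VisibleTo = if ($_.SideIndicator -eq '<=') { 'FirstSessionOnly' } else { 'SecondSessionOnly' }
            }
        }
}

# Constructed sample data; only the Path property is used by the comparison.
$all = @(
    [pscustomobject]@{ Path = '\ved\policy\Certificates\Web\www.example.com' }
    [pscustomobject]@{ Path = '\ved\policy\Certificates\Web\api.example.com' }
    [pscustomobject]@{ Path = '\ved\policy\Certificates\Internal\db01.example.com' }
    [pscustomobject]@{ Path = '\ved\policy\Devices\lb01' }
)
$all2 = @(
    [pscustomobject]@{ Path = '\ved\policy\Certificates\Web\www.example.com' }
    [pscustomobject]@{ Path = '\ved\policy\Sandbox\test.example.com' }
)

$report = Get-TppVisibilityDiff -FirstSession $all -SecondSession $all2

# Per-folder summary: how many objects each side sees that the other does not.
$report | Group-Object VisibleTo, Folder | Select-Object Count, Name

# Paths the second (limited) user sees that the first session does not,
# usually the rows worth checking first in a permission review.
$report | Where-Object VisibleTo -eq 'SecondSessionOnly' | Select-Object Path
```
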
Please feel free to log an issue for any new features you would like, bugs you come across, or just simply a question. I am happy to have people contribute to the codebase as well.