PowerShell Commands |
Description
This topic is about all authentication commands and handles for PSHubContext.
|
The PowerShell Module needs to be installed to use these commands. |
|
Proper permissions are also required to perform some of these commands. Please refer to the Application Users topic. |
PSHubContext is an object that specifies your authentication information. You will need a valid PSHubContext to connect to your Hub Business. You can have many PSHubContext connected in your PowerShell session, but only one is used when you use Hub Cmdlet.
In this object, you have:
•Name: Name of the application user
•URL: Hub Business URL
•Application secret: Application secret given after the application user creation
•Application key: Application key given after the application user creation
|
•To check all available commands: Get-Command-Module <ModuleName> •To check all potential arguments and parameters set for a command: Show-Command <CommandName> |
Connection
Command |
Arguments |
Description |
Code Example |
|---|---|---|---|
Connect-HubAccount |
•PSHubContext or •Url •ApplicationKey •ApplicationSecret |
If PSHubContext is provided, try to connect to Hub with it. or If PSHubContext is not provided, create a PSHubContext with information received and try to connect to Hub afterward. |
$PSHubContext = [Devolutions.Hub.PowerShell.Entities.PowerShell.PSHubContext]@{ApplicationKey="24526a88-7f18-4356-95bd-11690f7bc59b;468ce2d5-ea4b-42ff-bc02-d93c71b4e554"; ApplicationSecret="U4nmdOjqPAcL0GfbvNC2u8e0FCZjhEJFTnn6YHpIZDY="; Url="https://<YourPasswordHubUrl>.devolutions.app"} Connect-HubAccount -PSHubContext $PSHubContext or Connect-HubAccount -Url https://<YourPasswordHubUrl>.devolutions.app -ApplicationKey "24526a88-7f18-4356-95bd-11690f7bc59b;468ce2d5-ea4b-42ff-bc02-d93c71b4e554" -ApplicationSecret U4nmdOjqPAcL0GfbvNC2u8e0FCZjhEJFTnn6YHpIZDY= |
Disconnect-HubAccount |
•ApplicationKey or •All |
If ApplicationKey is provided, disconnect and remove PSHubContext from PowerShell session. or If All is provided, disconnect and remove all PSHubContext from PowerShell session. |
Context
Command |
Arguments |
Description |
Code Example |
|---|---|---|---|
Get-HubContext |
•ListAvailable |
If ListAvailable provided, list all PSHubContext set in PowerShell session. If ListAvailable not provided, get the current PSHubContext who will be used for all other Hub commands. |
|
Set-HubContext |
•PSHubContext |
Set the current PSHubContext to the one provided. |
|
Select-HubContext |
•ApplicationKey |
Select another PSHubContext to change the current PSHubContext who will be used for all Hub commands. |
|
Save-HubContext |
•PSHubContext •Path •Force oSecurePassword or oPassword |
Save the current PSHubContext to a .json file at the path received. If PSHubContext is provided, save this one to a .sjon file. If Force is provided, overwrite file if the path already exist. If SecurePassword is provided, prompt to user to enter a password to encrypt the .json file. or If Password provided, encrypt the .json file with the password received. |
Save a standard PSHubContext. Save-HubContext -Path "C:\PATH\TO\YOUR\FILE\file.json" If you want to securely save a PSHubContext with a password, you can do it in 2 ways: With a password passed by argument. Save-HubContext -Path "C:\PATH\TO\YOUR\FILE\file.json" -Password "password" or With SecurePassword argument, who will prompt the secure password input. Save-HubContext -Path "C:\PATH\TO\YOUR\FILE\file.json" -SecurePassword Password: [INSERT YOUR PASSWORD] |
Import-HubContext |
•Path •SecurePassword •Password |
Import a PSHubContext from a .json file at the path received. If SecurePassword is provided, prompt to enter a password to decrypt the .json file. If Password provided, decrypt the .json file with the password received. |
Import a standard PSHubContext. Import-HubContext -Path "C:\PATH\TO\YOUR\FILE\file.json" If you want to import a file protected by password, you can do it in 2 ways: With a password passed by arguments. Import-HubContext -Path "C:\PATH\TO\YOUR\FILE\file.json" -Password "password" or With SecurePassword argument, who will prompt the secure password input. Import-HubContext -Path "C:\PATH\TO\YOUR\FILE\file.json" -SecurePassword Password: [INSERT YOUR PASSWORD] |
System settings
This section is about commands to handle system settings.
Command |
Arguments |
Description |
Code Example |
|---|---|---|---|
Get-HubSystemSettings |
|
Get the psSystemSettings object. |
|
Set-HubSystemSettings |
•PSSystemSettings |
Set the system settings provided to Hub. |
Change some system settings information and save these modifications. $psSystemSettings = Get-HubSystemSettings $psSystemSettings.ForceTwoFactorAuthentication = $true $psSystemSettings.ExtendedSessionLifespan = "SevenDays" $psSystemSettings.SystemPermissions.Users["33a0253c-2bbf-43a0-9051-fb6adcb5ac7e"].ManageUsersGroups = $false; Set-HubSystemSettings -$psSystemSettings $psSystemSettings |
New-HubSystemVaultPermission |
•UserId •Role | SystemVaultPermission or •GroupId •Role | SystemVaultPermission |
Add system vault permission provided to system settings. If a user or group already exists, the permission will be overwritten. If UserId provided, set a predefined role or set a custom system vault permission to this user. or If GroupId provided, set a predefined role or set a custom system vault permission to this group. |
$newSystemVaultPermission = [Devolutions.Hub.Clients.VaultPermission]@{ AddEntries = $true } New-HubSystemVaultPermission -UserId 2d9221d6-3cbe-4161-b3aa-387f18a7f8c4 -SystemVaultPermission $newSystemVaultPermission |
Remove-HubSystemVaultPermission |
•UserId or •GroupId |
If UserId provided, remove this user system vault permission from system settings. or If GroupId provided, remove this group system vault permission from system settings. |
|
Get-HubSystemVaultPermission |
•UserId or •GroupId |
If UserId provided, get this user system permission from system settings. or If GroupId provided, get this group system permission from system settings. |
Get a systemVaultPermission from a user to create a new systemVaultPermission with the same permissions(values) $systemVaultPermissionFromUserA = Get-HubSystemVaultPermission -UserId 2d9221d6-3cbe-4161-b3aa-387f18a7f8c4 New-HubSystemVaultPermission -UserId 152c06cf-cce6-4116-97e1-34aadeab9984 -SystemVaultPermission $systemVaultPermissionFromUserA |
Set-HubSystemVaultPermission |
•UserId •Role | SystemVaultPermission or •GroupId •Role | SystemVaultPermission |
Set a system vault permission provided. If UserId provided, set a predefined role or set a custom system vault permission to this user. or If GroupId provided, set a predefined role or set a custom system vault permission to this group. |
$systemVaultPermission = Get-HubSystemVaultPermission -UserId 2d9221d6-3cbe-4161-b3aa-387f18a7f8c4 $systemVaultPermission.ExecuteEntries = $false; Set-HubSystemVaultPermission -UserId 2d9221d6-3cbe-4161-b3aa-387f18a7f8c4 -SystemVaultPermission $systemVaultPermission |
New-HubSystemPermission |
•SystemPermission oUserId or oGroupId |
Add system permission provided to system settings If UserId provided, set the system permission to this user. or If GroupId provided, set the system permission to this group. |
$newSystemPermission = [Devolutions.Hub.Clients.SystemPermission]@{ AddVaults = $true } New-HubSystemPermission -UserId 2d9221d6-3cbe-4161-b3aa-387f18a7f8c4 -SystemPermission $newSystemPermission |
Remove-HubSystemPermission |
•UserId or •GroupId |
If UserId provided, remove this user system permission from system settings. or If GroupId provided, remove this group system permission from system settings. |
|
Get-HubSystemPermission |
•UserId or •GroupId |
If UserId provided, get this user system permission from system settings. or If GroupId provided, get this group system permission from system settings. |
Get a systemPermission from a user to create a new systemPermission with the same permissions(values) $systemPermissionFromUserA = Get-HubSystemPermission -UserId 2d9221d6-3cbe-4161-b3aa-387f18a7f8c4 New-HubSystemPermission -UserId 152c06cf-cce6-4116-97e1-34aadeab9984 -SystemPermission $systemPermissionFromUserA |
Set-HubSystemPermission |
•UserId •SystemPermission or •GroupId •SystemPermission |
Set a system permission provided. If UserId provided, set system permission to this user. or If GroupId provided, set system permission to this group. |
$systemPermission = Get-HubSystemPermission -UserId 2d9221d6-3cbe-4161-b3aa-387f18a7f8c4 $systemPermission.ForcePromptLogin = $false; Set-HubSystemPermission -UserId 2d9221d6-3cbe-4161-b3aa-387f18a7f8c4 -SystemPermission $systemPermission
|
Gateway
This section is about commands to handle Devolutions Gateway.
Command |
Arguments |
Description |
Code Example |
|---|---|---|---|
New-HubGateway |
•PsDecryptedGateway |
Add a new Devolutions Gateway to Hub. |
$newDevolutionsGateway = [Devolutions.Hub.PowerShell.Entities.Hub.PSDecryptedGateway]@{ PsMetadata = [Devolutions.Hub.PowerShell.Entities.Hub.PSGatewayMetadata]@{ Name = 'Test Gateway From PS' }} New-HubGateway -PSDecryptedGateway $newDevolutionsGateway |
Remove-HubGateway |
•GatewayId |
Remove the Devolutions Gateway with the id provided. |
|
Set-HubGateway |
•PsDecryptedGateway |
Set a Devolutions Gateway provided. |
$psDecrpytedGateway = Get-HubGateway -GatewayId 4c6fb2dc-f7ba-4089-8bc2-b46b3bdcd1d0 $psDecrpytedGateway.PSMetadata.Name = "New Name From PS" Set-HubGateway -PSDecryptedGateway $psDecrpytedGateway |
Get-HubGateway |
•GatewayId |
Get the Devolutions Gateway with the id provided. |
|
New-HubGatewaySettings |
Create new Devolutions Gateway settings. If there are already settings, they will be overwritten. |
||
Set-HubGatewaySettings |
Set the Devolutions Gateway settings provided. |
||
Get-HubGatewaySettings |
Get the Devolutions Gateway settings. |
Vault
This section is about commands to handle vaults.
Command |
Arguments |
Description |
Code Example |
|---|---|---|---|
New-HubVault |
•VaultName •VaultDescription |
Add a new vault. |
Have the permission to create vault and put name. |
Remove-HubVault |
•VaultId |
Remove this vault from Hub. |
|
Get-HubVault |
•VaultId |
If VaultId provided, get the vault by id. If VaultId not provided, get all vaults you have access. |
|
Set-HubVault |
•VaultId •PSVault |
Set vault provided to vault id mentioned. |
Change some information about a vault and save these modifications. $psVault = Get-HubVault -VaultId 3beb6536-95d2-405b-bc69-70751cc55ca1 $psVault.Name = "New RDP Name"; $psVault.VaultPermissions.Users["33a0253c-2bbf-43a0-9051-fb6adcb5ac7e"].ViewPassword = $false; Set-HubVault -VaultId 3beb6536-95d2-405b-bc69-70751cc55ca1 -PSVault $psVault |
New-HubVaultPermission |
•VaultId oUserId oRole | VaultPermission or oGroupId oRole | VaultPermission |
Add vault permission provided to a specific vault. If a user or group already exists, the permission will be overwritten. If UserId provided, set a predefined role or set a custom vault permission to this user. If GroupId provided, set a predefined role or set a custom vault permission to this group. |
With a custom vaultPermission: $newVaultPermission = [Devolutions.Hub.Clients.VaultPermission]@{ AddEntries = $true } New-HubVaultPermission -UserId 2d9221d6-3cbe-4161-b3aa-387f18a7f8c4 -VaultPermission $newVaultPermission or With a predefined role: New-HubVaultPermission -UserId 2d9221d6-3cbe-4161-b3aa-387f18a7f8c4 -Role Operators |
Remove-HubVaultPermission |
•VaultId oUserId or oGroupId |
If UserId provided, remove this user vault permission from specific vault. If GroupId provided, remove this group vault permission from specific vault. |
|
Get-HubVaultPermission |
•VaultId oUserId or oGroupId |
If UserId provided, get this user vault permission from specific vault. If GroupId provided, get this group vault permission from specific vault. |
Get a vaultPermission from a user to create a new vaultPermission with the same permissions(values). $vaultPermissionFromUserA = Get-HubVaultPermission -VaultId 12ac66eb-7caa-4866-b5fd-5bd59c7f657e -UserId 2d9221d6-3cbe-4161-b3aa-387f18a7f8c4 New-HubVaultPermission -UserId 152c06cf-cce6-4116-97e1-34aadeab9984 -VaultPermission $vaultPermissionFromUserA |
Set-HubVaultPermission |
•VaultId oUserId oRole | VaultPermission or oGroupId oRole | VaultPermission |
Set a vault permission provided to a specific vault. If UserId provided, set a predefined role or set a custom vault permission to this user. If GroupId provided, set a predefined role or set a custom vault permission to this group. |
With a custom vaultPermission: $vaultPermission = Get-HubVaultPermission -VaultId 12ac66eb-7caa-4866-b5fd-5bd59c7f657e -UserId 152c06cf-cce6-4116-97e1-34aadeab9984 $vaultPermission.ExecuteEntries = $false; Set-HubVaultPermission -VaultId 12ac66eb-7caa-4866-b5fd-5bd59c7f657e -UserId 152c06cf-cce6-4116-97e1-34aadeab9984 -VaultPermission $vaultPermission or With a predefined role: Set-HubVaultPermission -VaultId 12ac66eb-7caa-4866-b5fd-5bd59c7f657e -GroupId 339d1c22-c01b-47ff-b812-74e34f23991f -Role Contributors |
User
This section is about commands to handle users.
Command |
Arguments |
Description |
Code Example |
|---|---|---|---|
New-HubUser |
•UserEmail •UserLocale •IsTemporaryPasswordSendByEmail |
Add a new Devolutions user or invite an existing Devolutions user. If IsTemporaryPasswordSendByEmail provided, the temporary password for new Devolutions user will be sent by email, otherwise, the temporary password is returned. |
|
New-HubOrganizationUser |
•AllowOfflineInRDM •UserSendMessageConfiguration or •PSInvitation |
Invite a user from a Devolutions Account Organization setted in your Hub. If Email, AllowOfflineInRDM and UserSendMessageConfiguration is provided, a single email will be sent. If PSInvitation is provided, you can manually set more than one email and assign groups. This command will only work if your Hub has activated Enable SSO with Devolutions Account Organization and selected a valid Devolutions Account Organization. |
Add with a PSInvitation. $psInvitation = [Devolutions.Hub.PowerShell.Entities.Hub.PSInvitation]@{AllowOfflineInRDM = $true; UserSendMessageConfiguration = [Devolutions.Hub.Clients.UserSendMessagePermission]::MessagesWithEntries; Groups = @("1f017956-1d36-4787-acaa-22b16c73cce5"); Emails = @("bob@windjammer.co");} New-HubOrganizationUser -PSInvitation $psInvitation |
Remove-HubUser |
•UserId |
Remove this user from Hub. |
|
Get-HubUser |
•UserId |
If UserId provided, get the user by id. If UserId not provided, get all users. |
|
Set-HubUser |
•UserId •PSUser |
Set user provided to user id mentioned. |
Disable a user and save. $psUser = Get-HubUser -UserId 321ec891-5674-4be0-aaf1-0c11a62eaf20 $psUser.IsEnabled = $false Set-HubVault -VaultId 3beb6536-95d2-405b-bc69-70751cc55ca1 -PSVault $psUser |
GROUp
This section is about commands to handle groups.
Command |
Arguments |
Description |
Code Example |
|---|---|---|---|
New-HubGroup |
•GroupName •GroupUserIds |
Add a new group to Hub with users if provided. |
|
Remove-HubGroup |
•GroupId |
Remove this group from Hub. |
|
Get-HubGroup |
•GroupId |
If GroupId provided, get the group by id. If GroupId not provided, get all groups. |
|
Set-HubGroup |
•GroupId •PSGroup |
Set the group provided to the group id received. |
Change the name, add a user and save group. $psGroup = Get-HubGroup -GroupId d41b9475-e00a-4f5b-8f25-4d539639dedd $psGroup.Name = "New Group Name" $psGroup.UserIds.Add("321ec891-5674-4be0-aaf1-0c11a62eaf20") Set-HubGroup -GroupId d41b9475-e00a-4f5b-8f25-4d539639dedd -$psGroup $psGroup |
Add-HubGroupUser |
•GroupId •UserIds |
Add user/users to specific group. |
|
Remove-HubGroupUser |
•GroupId •UserIds |
Remove user/users to specific group. |
Entry
This section is about commands to handle entries.
Command |
Arguments |
Description |
Code Example |
|---|---|---|---|
New-HubEntry |
•VaultId •PSDecryptedEntry |
Add a new entry to Hub with PSDecryptedEntry provided to specific vault. |
$t = [Devolutions.Hub.PowerShell.Entities.Hub.PSDecryptedEntry]@{ PsMetadata = [Devolutions.Hub.PowerShell.Entities.Hub.PSEntryMetadata]@{ Name = "Test Cred"; ParentId = "9df41856-125a-490a-8589-93afc3059924"; ConnectionType = [Devolutions.Generated.Enums.ConnectionType]::Credential }; Connection = [Devolutions.Generated.Models.Connection]@{ Credentials = [Devolutions.Generated.Models.CredentialsConnection]@{ CredentialType = [Devolutions.Generated.Enums.CredentialResolverConnectionType]::Default; Password = "passworddepowershell" } } } New-HubEntry -VaultId d334f44c-fb84-4559-b576-e1e8b68baf65 -Connection $ff |
Remove-HubEntry |
•VaultId •EntryId |
Remove this entry from specific vault. |
|
Get-HubEntry |
•VaultId •EntryId |
If EntryId provided, get this entry from a specific vault. If EntryId not provided, get all entries from a specific vault. Entry(ies) will have passwords sensitive if you have the permission. |
|
Set-HubEntry |
•VaultId •EntryId •PSDecryptedEntry |
Set the PSDecryptedEntry provided to the vault and entry mentioned. |
Change some information about an entry and save these modifications. $decryptedEntry = Get-HubEntry -VaultId 3beb6536-95d2-405b-bc69-70751cc55ca1 -EntryId eb3b079e-b763-4657-bfac-ec83998015c1 $decryptedEntry.PsMetadata.Name = "New RDP Name"; $decryptedEntry.Connection.RDP.Password = "new_password"; Set-HubEntry -VaultId 3beb6536-95d2-405b-bc69-70751cc55ca1 -EntryId eb3b079e-b763-4657-bfac-ec83998015c1 -PSDecryptedEntry $decryptedEntry |
New-HubEntryPermission |
•VaultId •EntryId oUserId oRole | EntryPermission or oGroupId oRole | EntryPermission |
Add entry permission provided to a specific entry. If a user or group already exists, the permission will be overwritten. If UserId provided, set a predefined role or set a custom entry permission to this user. or If GroupId provided, set a predefined role or set a custom entry permission to this group. |
With a custom entryPermission: $newEntryPermission = [Devolutions.Hub.Clients.EntryPermission]@{ EditEntries = $true } New-HubEntryPermission -VaultId 12ac66eb-7caa-4866-b5fd-5bd59c7f657e -EntryId cf73b4ea-c1cd-4f53-9b53-f9277a108c56 -UserId 2d9221d6-3cbe-4161-b3aa-387f18a7f8c4 -EntryPermission $newEntryPermission With a predefined role: New-HubEntryPermission -VaultId 12ac66eb-7caa-4866-b5fd-5bd59c7f657e -EntryId cf73b4ea-c1cd-4f53-9b53-f9277a108c56 -UserId 2d9221d6-3cbe-4161-b3aa-387f18a7f8c4 -Role Opera |
Remove-HubEntryPermission |
•VaultId •EntryId oUserId or oGroupId |
If UserId provided, remove this user entry permission from specific entry. or If GroupId provided, remove this group entry permission from specific entry. |
|
Get-HubEntryPermission |
•VaultId •EntryId oUserId or oGroupId |
If UserId provided, get this user entry permission from specific entry. or If GroupId provided, get this group entry permission from specific entry. |
Get a entryPermission from a user to create a new entryPermission with the same permissions(values) $entryPermissionFromUserA = Get-HubEntryPermission -VaultId 12ac66eb-7caa-4866-b5fd-5bd59c7f657e -EntryId cf73b4ea-c1cd-4f53-9b53-f9277a108c56 -UserId 2d9221d6-3cbe-4161-b3aa-387f18a7f8c4 New-HubEntryPermission -VaultId 12ac66eb-7caa-4866-b5fd-5bd59c7f657e -EntryId cf73b4ea-c1cd-4f53-9b53-f9277a108c56 -UserId 152c06cf-cce6-4116-97e1-34aadeab9984 -EntryPermission $entryPermissionFromUserA |
Set-HubEntryPermission |
•VaultId •EntryId oUserId oRole | EntryPermission or oGroupId oRole | EntryPermission |
Set a entry permission provided to a specific entry. If UserId provided, set a predefined role or set a custom entry permission to this user. or If GroupId provided, set a predefined role or set a custom entry permission to this group. |
With a custom entryPermission: $entryPermission = Get-HubEntryPermission -VaultId 12ac66eb-7caa-4866-b5fd-5bd59c7f657e -EntryId cf73b4ea-c1cd-4f53-9b53-f9277a108c56 -UserId 152c06cf-cce6-4116-97e1-34aadeab9984 $entryPermission.ViewPassword = $false; Set-HubEntryPermission -VaultId 12ac66eb-7caa-4866-b5fd-5bd59c7f657e -EntryId cf73b4ea-c1cd-4f53-9b53-f9277a108c56 -UserId 152c06cf-cce6-4116-97e1-34aadeab9984 -EntryPermission $entryPermission With a predefined role: Set-HubEntryPermission -VaultId 12ac66eb-7caa-4866-b5fd-5bd59c7f657e -EntryId cf73b4ea-c1cd-4f53-9b53-f9277a108c56 -GroupId 339d1c22-c01b-47ff-b812-74e34f23991f -Role Contributors |