Please enable JavaScript to view this site.

PowerShell Commands

Description

This topic is about all authentication commands and handles for PSHubContext.

BadgeInfo48x48

The PowerShell Module needs to be installed to use these commands.

ShieldCaution48x48

Proper permissions are also required to perform some of these commands. Please refer to the Application Users topic.

PSHubContext is an object that specifies your authentication information. You will need a valid PSHubContext to connect to your Password Hub Business. You can have many PSHubContext connected in your PowerShell session, but only one is used when you use Hub Cmdlet.

In this object, you have:

Name: Name of the application user

URL: Password Hub Business URL

Application secret: Application secret given after the application user creation

Application key: Application key given after the application user creation

BadgeInfo48x48

To check all available commands: Get-Command-Module <ModuleName>

To check all potential arguments and parameters set for a command: Show-Command <CommandName>

Connection

Commands

Arguments

Description

Code Example

Connect-HubAccount

PSHubContext

or

Url

ApplicationKey

ApplicationSecret

If PSHubContext is provided, try to connect to Hub with it.

or

If PSHubContext is not provided, create a PSHubContext with information received and try to connect to Hub afterward.

$PSHubContext = [Devolutions.Hub.PowerShell.Entities.PowerShell.PSHubContext]@{ApplicationKey="24526a88-7f18-4356-95bd-11690f7bc59b;468ce2d5-ea4b-42ff-bc02-d93c71b4e554"; ApplicationSecret="U4nmdOjqPAcL0GfbvNC2u8e0FCZjhEJFTnn6YHpIZDY="; Url="https://<YourPasswordHubUrl>.devolutions.app"}

Connect-HubAccount -PSHubContext $PSHubContext

or

Connect-HubAccount -Url https://<YourPasswordHubUrl>.devolutions.app -ApplicationKey "24526a88-7f18-4356-95bd-11690f7bc59b;468ce2d5-ea4b-42ff-bc02-d93c71b4e554" -ApplicationSecret U4nmdOjqPAcL0GfbvNC2u8e0FCZjhEJFTnn6YHpIZDY=

Disconnect-HubAccount

ApplicationKey

or

All

If ApplicationKey is provided, disconnect and remove PSHubContext from PowerShell session.

or

If All is provided, disconnect and remove all PSHubContext from PowerShell session.


Context

Commands

Arguments

Description

Code Example

Get-HubContext

ListAvailable

If ListAvailable provided, list all PSHubContext set in PowerShell session.

If ListAvailable not provided, get the current PSHubContext who will be used for all other Hub commands.


Set-HubContext

PSHubContext

Set the current PSHubContext to the one provided.


Select-HubContext

ApplicationKey

Select another PSHubContext to change the current PSHubContext who will be used for all Hub commands.


Save-HubContext

PSHubContext

Path

Force

oSecurePassword

or

oPassword

Save the current PSHubContext to a .json file at the path received.

If PSHubContext is provided, save this one to a .sjon file.

If Force is provided, overwrite file if the path already exist.

If SecurePassword is provided, prompt to user to enter a password to encrypt the .json file.

or

If Password provided, encrypt the .json file with the password received.

Save a standard PSHubContext.

Save-HubContext -Path "C:\PATH\TO\YOUR\FILE\file.json"

If you want to securely save a PSHubContext with a password, you can do it in 2 ways:

With a password passed by argument.

Save-HubContext -Path "C:\PATH\TO\YOUR\FILE\file.json" -Password "password"

or

With SecurePassword argument, who will prompt the secure password input.

Save-HubContext -Path "C:\PATH\TO\YOUR\FILE\file.json" -SecurePassword

Password: [INSERT YOUR PASSWORD]

Import-HubContext

Path

SecurePassword

Password

Import a PSHubContext from a .json file at the path received.

If SecurePassword is provided, prompt to enter a password to decrypt the .json file.

If Password provided, decrypt the .json file with the password received.

Import a standard PSHubContext.

Import-HubContext -Path "C:\PATH\TO\YOUR\FILE\file.json"

If you want to import a file protected by password, you can do it in 2 ways:

With a password passed by arguments.

Import-HubContext -Path "C:\PATH\TO\YOUR\FILE\file.json" -Password "password"

or

With SecurePassword argument, who will prompt the secure password input.

Import-HubContext -Path "C:\PATH\TO\YOUR\FILE\file.json" -SecurePassword

Password: [INSERT YOUR PASSWORD]

System settings

This section is about commands to handle system settings.

Commands

Arguments

Description

Code Example

Get-HubSystemSettings

 

Get the psSystemSettings object.


Set-HubSystemSettings

PSSystemSettings

Set the system settings provided to Hub.

Change some system settings information and save these modifications.

$psSystemSettings = Get-HubSystemSettings

$psSystemSettings.ForceTwoFactorAuthentication = $true

$psSystemSettings.ExtendedSessionLifespan = "SevenDays"

$psSystemSettings.SystemPermissions.Users["33a0253c-2bbf-43a0-9051-fb6adcb5ac7e"].ManageUsersGroups = $false;

Set-HubSystemSettings -$psSystemSettings $psSystemSettings

New-HubSystemVaultPermission

UserId

Role | SystemVaultPermission

or

GroupId

Role | SystemVaultPermission

Add system vault permission provided to system settings. If a user or group already exists, the permission will be overwritten.

If UserId provided, set a predefined role or set a custom system vault permission to this user.

or

If GroupId provided, set a predefined role or set a custom system vault permission to this group.

$newSystemVaultPermission = [Devolutions.Hub.Clients.VaultPermission]@{ AddEntries = $true }

New-HubSystemVaultPermission -UserId 2d9221d6-3cbe-4161-b3aa-387f18a7f8c4 -SystemVaultPermission $newSystemVaultPermission

Remove-HubSystemVaultPermission

UserId

or

GroupId

If UserId provided, remove this user system vault permission from system settings.

or

If GroupId provided, remove this group system vault permission from system settings.


Get-HubSystemVaultPermission

UserId

or

GroupId

If UserId provided, get this user system permission from system settings.

or

If GroupId provided, get this group system permission from system settings.

Get a systemVaultPermission from a user to create a new systemVaultPermission with the same permissions(values)

$systemVaultPermissionFromUserA = Get-HubSystemVaultPermission -UserId 2d9221d6-3cbe-4161-b3aa-387f18a7f8c4

New-HubSystemVaultPermission -UserId 152c06cf-cce6-4116-97e1-34aadeab9984 -SystemVaultPermission $systemVaultPermissionFromUserA

Set-HubSystemVaultPermission

UserId

Role | SystemVaultPermission

or

GroupId

Role | SystemVaultPermission

Set a system vault permission provided.

If UserId provided, set a predefined role or set a custom system vault permission to this user.

or

If GroupId provided, set a predefined role or set a custom system vault permission to this group.

$systemVaultPermission = Get-HubSystemVaultPermission -UserId 2d9221d6-3cbe-4161-b3aa-387f18a7f8c4

$systemVaultPermission.ExecuteEntries = $false;

Set-HubSystemVaultPermission -UserId 2d9221d6-3cbe-4161-b3aa-387f18a7f8c4 -SystemVaultPermission $systemVaultPermission

New-HubSystemPermission

SystemPermission

oUserId

or

oGroupId

Add system permission provided to system settings

If UserId provided, set the system permission to this user.

or

If GroupId provided, set the system permission to this group.

$newSystemPermission = [Devolutions.Hub.Clients.SystemPermission]@{ AddVaults = $true }

New-HubSystemPermission -UserId 2d9221d6-3cbe-4161-b3aa-387f18a7f8c4 -SystemPermission $newSystemPermission

Remove-HubSystemPermission

UserId

or

GroupId

If UserId provided, remove this user system permission from system settings.

or

If GroupId provided, remove this group system permission from system settings.


Get-HubSystemPermission

UserId

or

GroupId

If UserId provided, get this user system permission from system settings.

or

If GroupId provided, get this group system permission from system settings.

Get a systemPermission from a user to create a new systemPermission with the same permissions(values)

$systemPermissionFromUserA = Get-HubSystemPermission -UserId 2d9221d6-3cbe-4161-b3aa-387f18a7f8c4

New-HubSystemPermission -UserId 152c06cf-cce6-4116-97e1-34aadeab9984 -SystemPermission $systemPermissionFromUserA

Set-HubSystemPermission

UserId

SystemPermission

or

GroupId

SystemPermission

Set a system permission provided.

If UserId provided, set system permission to this user.

or

If GroupId provided, set system permission to this group.

$systemPermission = Get-HubSystemPermission -UserId 2d9221d6-3cbe-4161-b3aa-387f18a7f8c4

$systemPermission.ForcePromptLogin = $false;

Set-HubSystemPermission -UserId 2d9221d6-3cbe-4161-b3aa-387f18a7f8c4 -SystemPermission $systemPermission

 

Vault

This section is about commands to handle vault.

Commands

Arguments

Description

Code Example

New-HubVault

VaultName

VaultDescription

Add a new vault.

Have the permission to create vault and put name.

Remove-HubVault

VaultId

Remove this vault from Hub.


Get-HubVault

VaultId

If VaultId provided, get the vault by id.

If VaultId not provided, get all vaults you have access.


Set-HubVault

VaultId

PSVault

Set vault provided to vault id mentioned.

Change some information about a vault and save these modifications.

$psVault = Get-HubVault -VaultId 3beb6536-95d2-405b-bc69-70751cc55ca1

$psVault.Name = "New RDP Name";

$psVault.VaultPermissions.Users["33a0253c-2bbf-43a0-9051-fb6adcb5ac7e"].ViewPassword = $false;

Set-HubVault -VaultId 3beb6536-95d2-405b-bc69-70751cc55ca1 -PSVault $psVault

New-HubVaultPermission

VaultId

oUserId

oRole | VaultPermission

or

oGroupId

oRole | VaultPermission

Add vault permission provided to a specific vault. If a user or group already exists, the permission will be overwritten.

If UserId provided, set a predefined role or set a custom vault permission to this user.

If GroupId provided, set a predefined role or set a custom vault permission to this group.

With a custom vaultPermission:

$newVaultPermission = [Devolutions.Hub.Clients.VaultPermission]@{ AddEntries = $true }

New-HubVaultPermission -UserId 2d9221d6-3cbe-4161-b3aa-387f18a7f8c4 -VaultPermission $newVaultPermission

or

With a predefined role:

New-HubVaultPermission -UserId 2d9221d6-3cbe-4161-b3aa-387f18a7f8c4 -Role Operators

Remove-HubVaultPermission

VaultId

oUserId

or

oGroupId

If UserId provided, remove this user vault permission from specific vault.

If GroupId provided, remove this group vault permission from specific vault.


Get-HubVaultPermission

VaultId

oUserId

or

oGroupId

If UserId provided, get this user vault permission from specific vault.

If GroupId provided, get this group vault permission from specific vault.

Get a vaultPermission from a user to create a new vaultPermission with the same permissions(values).

$vaultPermissionFromUserA = Get-HubVaultPermission -VaultId 12ac66eb-7caa-4866-b5fd-5bd59c7f657e -UserId 2d9221d6-3cbe-4161-b3aa-387f18a7f8c4

New-HubVaultPermission -UserId 152c06cf-cce6-4116-97e1-34aadeab9984 -VaultPermission $vaultPermissionFromUserA

Set-HubVaultPermission

VaultId

oUserId

oRole | VaultPermission

or

oGroupId

oRole | VaultPermission

Set a vault permission provided to a specific vault.

If UserId provided, set a predefined role or set a custom vault permission to this user.

If GroupId provided, set a predefined role or set a custom vault permission to this group.

With a custom vaultPermission:

$vaultPermission = Get-HubVaultPermission -VaultId 12ac66eb-7caa-4866-b5fd-5bd59c7f657e -UserId 152c06cf-cce6-4116-97e1-34aadeab9984

$vaultPermission.ExecuteEntries = $false;

Set-HubVaultPermission -VaultId 12ac66eb-7caa-4866-b5fd-5bd59c7f657e -UserId 152c06cf-cce6-4116-97e1-34aadeab9984 -VaultPermission $vaultPermission

or

With a predefined role:

Set-HubVaultPermission -VaultId 12ac66eb-7caa-4866-b5fd-5bd59c7f657e -GroupId 339d1c22-c01b-47ff-b812-74e34f23991f -Role Contributors

User

This section is about commands to handle users.

Commands

Arguments

Description

Code Example

New-HubUser

UserEmail

UserLocale

IsTemporaryPasswordSendByEmail

Add a new Devolutions user or invite an existing Devolutions user.

If IsTemporaryPasswordSendByEmail provided, the temporary password for new Devolutions user will be sent by email, otherwise, the temporary password is returned.


New-HubOrganizationUser

Email

AllowOfflineInRDM

UserSendMessageConfiguration

or

PSInvitation

Invite a user from a Devolutions Account Organization setted in your Hub.

If Email, AllowOfflineInRDM and UserSendMessageConfiguration is provided, a single email will be sent.

If PSInvitation is provided, you can manually set more than one email and assign groups.

This command will only work if your Hub has activated Enable SSO with Devolutions Account Organization and selected a valid Devolutions Account Organization.

Add with a PSInvitation.

$psInvitation = [Devolutions.Hub.PowerShell.Entities.Hub.PSInvitation]@{AllowOfflineInRDM = $true; UserSendMessageConfiguration = [Devolutions.Hub.Clients.UserSendMessagePermission]::MessagesWithEntries; Groups = @("1f017956-1d36-4787-acaa-22b16c73cce5"); Emails = @("nathan.lachance@devolutions.net");}

New-HubOrganizationUser -PSInvitation $psInvitation

Remove-HubUser

UserId

Remove this user from Hub.


Get-HubUser

UserId

If UserId provided, get the user by id.

If UserId not provided, get all users.


Set-HubUser

UserId

PSUser

Set user provided to user id mentioned.

Disable a user and save.

$psUser = Get-HubUser -UserId 321ec891-5674-4be0-aaf1-0c11a62eaf20

$psUser.IsEnabled = $false

Set-HubVault -VaultId 3beb6536-95d2-405b-bc69-70751cc55ca1 -PSVault $psUser

GROUp

This section is about commands to handle group.

Commands

Arguments

Description

Code Example

New-HubGroup

GroupName

GroupUserIds

Add a new group to Hub with users if provided.


Remove-HubGroup

GroupId

Remove this group from Hub.


Get-HubGroup

GroupId

If GroupId provided, get the group by id.

If GroupId not provided, get all groups.


Set-HubGroup

GroupId

PSGroup

Set the group provided to the group id received.

Change the name, add a user and save group.

$psGroup = Get-HubGroup -GroupId d41b9475-e00a-4f5b-8f25-4d539639dedd

$psGroup.Name = "New Group Name"

$psGroup.UserIds.Add("321ec891-5674-4be0-aaf1-0c11a62eaf20")

Set-HubGroup -GroupId d41b9475-e00a-4f5b-8f25-4d539639dedd -$psGroup $psGroup

Add-HubGroupUser

GroupId

UserIds

Add user/users to specific group.


Remove-HubGroupUser

GroupId

UserIds

Remove user/users to specific group.


Entry

This section is about commands to handle entry.

Commands

Arguments

Description

Code Example

New-HubEntry

VaultId

PSDecryptedEntry

Add a new entry to Hub with PSDecryptedEntry provided to specific vault.

$t = [Devolutions.Hub.PowerShell.Entities.Hub.PSDecryptedEntry]@{ PsMetadata = [Devolutions.Hub.PowerShell.Entities.Hub.PSEntryMetadata]@{ Name = "Test Cred"; ParentId = "9df41856-125a-490a-8589-93afc3059924"; ConnectionType = [Devolutions.Generated.Enums.ConnectionType]::Credential }; Connection = [Devolutions.Generated.Models.Connection]@{ Credentials = [Devolutions.Generated.Models.CredentialsConnection]@{ CredentialType = [Devolutions.Generated.Enums.CredentialResolverConnectionType]::Default; Password = "passworddepowershell" } } }

New-HubEntry -VaultId d334f44c-fb84-4559-b576-e1e8b68baf65 -Connection $ff

Remove-HubEntry

VaultId

EntryId

Remove this entry from specific vault.


Get-HubEntry

VaultId

EntryId

If EntryId provided, get this entry from a specific vault.

If EntryId not provided, get all entries from a specific vault.

Entry(ies) will have passwords sensitive if you have the permission.


Set-HubEntry

VaultId

EntryId

PSDecryptedEntry

Set the PSDecryptedEntry provided to the vault and entry mentioned.

Change some information about an entry and save these modifications.

$decryptedEntry = Get-HubEntry -VaultId 3beb6536-95d2-405b-bc69-70751cc55ca1 -EntryId eb3b079e-b763-4657-bfac-ec83998015c1

$decryptedEntry.PsMetadata.Name = "New RDP Name";

$decryptedEntry.Connection.RDP.Password = "new_password";

Set-HubEntry -VaultId 3beb6536-95d2-405b-bc69-70751cc55ca1 -EntryId eb3b079e-b763-4657-bfac-ec83998015c1 -PSDecryptedEntry $decryptedEntry

New-HubEntryPermission

VaultId

EntryId

oUserId

oRole | EntryPermission

or

oGroupId

oRole | EntryPermission

Add entry permission provided to a specific entry. If a user or group already exists, the permission will be overwritten.

If UserId provided, set a predefined role or set a custom entry permission to this user.

or

If GroupId provided, set a predefined role or set a custom entry permission to this group.

With a custom entryPermission:

$newEntryPermission = [Devolutions.Hub.Clients.EntryPermission]@{ EditEntries = $true }

New-HubEntryPermission -VaultId 12ac66eb-7caa-4866-b5fd-5bd59c7f657e -EntryId cf73b4ea-c1cd-4f53-9b53-f9277a108c56 -UserId 2d9221d6-3cbe-4161-b3aa-387f18a7f8c4 -EntryPermission $newEntryPermission

With a predefined role:

New-HubEntryPermission -VaultId 12ac66eb-7caa-4866-b5fd-5bd59c7f657e -EntryId cf73b4ea-c1cd-4f53-9b53-f9277a108c56 -UserId 2d9221d6-3cbe-4161-b3aa-387f18a7f8c4 -Role Opera

Remove-HubEntryPermission

VaultId

EntryId

oUserId

or

oGroupId

If UserId provided, remove this user entry permission from specific entry.

or

If GroupId provided, remove this group entry permission from specific entry.


Get-HubEntryPermission

VaultId

EntryId

oUserId

or

oGroupId

If UserId provided, get this user entry permission from specific entry.

or

If GroupId provided, get this group entry permission from specific entry.

Get a entryPermission from a user to create a new entryPermission with the same permissions(values)

$entryPermissionFromUserA = Get-HubEntryPermission -VaultId 12ac66eb-7caa-4866-b5fd-5bd59c7f657e -EntryId cf73b4ea-c1cd-4f53-9b53-f9277a108c56 -UserId 2d9221d6-3cbe-4161-b3aa-387f18a7f8c4

New-HubEntryPermission -VaultId 12ac66eb-7caa-4866-b5fd-5bd59c7f657e -EntryId cf73b4ea-c1cd-4f53-9b53-f9277a108c56 -UserId 152c06cf-cce6-4116-97e1-34aadeab9984 -EntryPermission $entryPermissionFromUserA

Set-HubEntryPermission

VaultId

EntryId

oUserId

oRole | EntryPermission

or

oGroupId

oRole | EntryPermission

Set a entry permission provided to a specific entry.

If UserId provided, set a predefined role or set a custom entry permission to this user.

or

If GroupId provided, set a predefined role or set a custom entry permission to this group.

With a custom entryPermission:

$entryPermission = Get-HubEntryPermission -VaultId 12ac66eb-7caa-4866-b5fd-5bd59c7f657e -EntryId cf73b4ea-c1cd-4f53-9b53-f9277a108c56 -UserId 152c06cf-cce6-4116-97e1-34aadeab9984

$entryPermission.ViewPassword = $false;

Set-HubEntryPermission -VaultId 12ac66eb-7caa-4866-b5fd-5bd59c7f657e -EntryId cf73b4ea-c1cd-4f53-9b53-f9277a108c56 -UserId 152c06cf-cce6-4116-97e1-34aadeab9984 -EntryPermission $entryPermission

With a predefined role:

Set-HubEntryPermission -VaultId 12ac66eb-7caa-4866-b5fd-5bd59c7f657e -EntryId cf73b4ea-c1cd-4f53-9b53-f9277a108c56 -GroupId 339d1c22-c01b-47ff-b812-74e34f23991f -Role Contributors