Add new output format for
Get-TppAttribute using the parameter
-New. Attributes will now be provided as object properties as opposed to individual objects for each property, which made it difficult to retrieve the value itself. This new format is available for all ways of using the function including attribute, effective attribute, and policy retrieval. This new format will become the default in the future.
Get-TppAttribute -PolicyClass -All to retrieve all policy attributes at once
New-TppCertificate -WorkToDoTimeout to override the global setting for a CA to issue/renew certificate
Add support for api limitation of 5k clients at a time when calling
Add support for VaaS user matching rules with
Add setting common name, if not provided, as the object name in
#110 Fix syntax error when using
-Guid has been deprecated from
Search-TppHistory to find historical items by attribute value and their associated current item
Move-TppObject not appending object name when moving multiple objects to a new folder and passed via pipeline
Find-TppObject to allow passing of empty string for
-Pattern to find objects which don't have a value set
Fix certain aliases not being exported
Add authentication options, VaaS key or TPP token, in addition to VenafiSession to be provided directly to any function that supports that platform. This better enables devops scenarios so 1 call can be made for a function as opposed to executing New-VenafiSession first. Note, if using this with TPP, an environment variable named TppServer with the url of the server must be set.
Test-VenafiSession private function to add support for the new authentication methods as VenafiSession.Validate isn't used.
Invoke-VenafiRestMethod has been updated to accept these new authentication methods as well.
Add option to export from VaaS in JKS format
Migrate docs site to Material theme
Find-VenafiCertificate and add VaaS certificate search functionality
New-VenafiTeam so a team can be associated with one or more policies
PolicyPath property of
TppObject not returning the proper value due to special characters
New-VaasSearchQuery (private function) as the framework for VaaS searching including filtering, ordering, and paging. This will be used by certificate search, log search, and probably more in the future.
Read-VenafiLog utilizing the new search framework for VaaS. Merge existing
Read-TppLog into 1 function to support both VaaS and TPP.
Get-VenafiTeam to retrieve all or specific team info, VaaS and TPP
New-VenafiTeam to create a new team, VaaS and TPP
Remove-VenafiTeam to remove a team, VaaS and TPP
Add-VenafiTeamMember to add a team member, VaaS and TPP
Add-VenafiTeamOwner to add a team owner, VaaS and TPP
Remove-VenafiTeamMember to remove a team member, VaaS and TPP
Remove-VenafiTeamOwner to remove a team owner, VaaS and TPP
ConvertTo-TppIdentity to standardize TPP identity objects
Get-VenafiIdentity to retrieve a specific identity, the current user, or all, VaaS and TPP. This replaces
Get-TppIdentity. The ability to retrieve associated identities and group members has been extended to
Invoke-VenafiRestMethod in remaining internal module calls
Move key/token refresh messaging to TPP only in
VenafiSession as no refresh for VaaS
Invoke-VenafiRestMethod to v1 for VaaS
VenafiSession reporting incorrect session platform on PS v5
Export-VenafiCertificate for VaaS failing with ConvertTo-Json error
Add support for double slash paths used by the adaptable framework,
AsValue parameter to
Get-TppAttribute making it easy to retrieve just the value when 1 attribute is requested
Update return type when using
Find-TppCertificate -CountOnly from string to int
-IncludeMembers parameter to
Get-TppIdentity to include members if the identity is a group,
Get-TppIdentity to return
IsGroup for all objects, not just ones where IsGroup is true
Get-TppIdentity -IncludeAssociated to return the property
Associated for all objects, not just ones where there was a value
Test-TppToken to validate a token stored in a vault,
-Csr parameter to
-Application parameters to
New-TppCertificate to allow creation of devices and apps
NoWorkToDo parameter to
New-TppCertificate to turn off processing for that update
Fix revision part of version being -1 when running
#80 Fix Invoke-VenafiRestMethod alias not working in PS v5 in VenafiSession,
#85 Fix duplicate parameter error using
#82 Update vault usage in readme,
#71, add group and event id validation to
Write-TppLog as well as help updates
Add the ability to access classes and enums outside the module
Add paging to
Find-TppCertificate, deprecation messaging for
-Offset in favor of PS standard
Get-VenafiCertificate to ensure empty values for some date properties don't cause an exception
-CustomField property to
New-TppCertificate, required when working with mandatory custom fields.
New-TppCertificate to ensure
-CertificateType property is honored
Update with new Venafi logo
BREAKING CHANGE: Fix #4, Remove-TppCertificate deletes associated objects by default, add
-KeepAssociatedApps and remove
Add pipeline support to
Move-TppObject. Use this to move multiple objects to the same target path.
-PassThru option to
Convert-TppObject. This is helpful in piping to Set-TppAttribute to update the driver and any other attributes needed.
Find-TppObject class search to default to searching all policies recursively if no path provided
Add Platform and AuthType properties to VenafiSession class. This helps better define and validate tpp vs vaas and key vs token.
Cleanup all docs.venafi.com links to reference 'current' instead of a specific version
#63, New-VenafiSession vault params fail if SecretManagement module not loaded in current session Better document token/key secret usage in readme
Moved to Venafi GitHub org, rebranded
License is now Apache 2.0 Add
Find-TppClient to get information about registered Server Agents or Agentless clients
Find-TppVaultId to find vault IDs in the secret store
Get-TppCredential to get different credential types, password, username/password, certificate
Get-TppIdentity to retrieve associated groups and folders
Remove-TppClient to remove registered client agents
Set-TppCredential to update credential values
Convert dates from ISO 8601 to datetime objects in
Older versions of TPP failing to update attributes,
#50 Fix pipeline for
-Path parameter with
BREAKING CHANGE: change parameter
Rename-TppObject to allow moving an object in addition to renaming
Convert-TppObject to change the class/type of an existing object
Fix typos in examples for
Set the default for
Find-TppObject to \ved\policy. Running
Find-TppObject without a path will now recursively search from \ved\policy.
Add additional pipeline options to
Add help and examples to
#48 Set VenafiSession default value in
-All option to
Get-TppAttribute to get ALL effective attribute values for an object. This will provide the values as well as the path where the policy was applied
Add getting policies (policy attributes) with
Add setting policies (policy attributes) with
Invoke-VenafiCertificateAction. This is your one stop shop for certificate actions on TPP or VaaS. You can Retire, Reset, Renew, Push, Validate, or Revoke.
Cleanup output and verbose logging with
Fix parameter set issue in
New-VenafiSession, ensure version and custom field info retrieval doesn't occur when creating a VaaS session
Remove validation/limitation from
Get-TppCustomField to only retrieve classes of type X509 Certificate and Device
Retrieve Application Base custom fields during
Fix parameter sets in
Import-TppCertificate requiring PrivateKey be provided with PKCS#12 certificate,
New-TppCertificate to submit values to the CA during enrollment
Add support for local token/key storage with
PowerShell SecretManagement. Store your access or refresh token securely and have VenafiPS use it to create a new session. Add
Get-TppClassAttribute to list all attributes for a specific class. Helpful for attribute validation and getting values for all attributes.
Add support for token refresh to
New-TppToken. Auto-refresh $VenafiSession when token expires and we have a refresh token.
#33 Fix invalid grant details in
#32 Update Version in VenafiSession object, from
Get-TppVersion, to be of type Version. Drop Revision from version so now only 3 octets. This assists in performing version validation.
New-TppToken to account for a bug in pre 21.3 which expected the client_id to be lowercase
Test-TppToken to validate the tpp version is supported
Fix/finalize certificate-based oauth token support,
Thanks to @harrisonmeister for this contribution!
Add support to
-IncludePrivateKey when using JKS format,
#24 and #26 Add 'CertificateData' to the list of values hidden with
#25 Help updates
Thanks to @wilddev65 for this contribution!
Test-TppToken function to test if a TPP token is valid.
Tests an AccessToken, TppToken, or VenafiSession
-GrantDetail parameter returns detailed info about token from TPP server response
New-TppToken to capture the refresh token expiry if part of the response.
Find-TppCertificate to add
-CertificateType as a parameter to filter results by type of certificate. Can use CodeSigning, Device, Server, and/or User.
Get-VenafiCertificate to get historical certificate versions with
-ExcludeRevoked filters the results.
Revoke-TppToken -AccessToken not decrypting password
Change from name and value parameters to hashtable
API calls were sending deprecated payloads, fix this
Add custom field validation and
-BypassValidation switch. The validation is field type aware and will validate string, date, list, and identity.
-Force parameter to
Revoke-TppCertificate to bypass confirmation prompt
-EventId parameter to
Read-TppLog to filter by a specific event id.
Add EventId to
Read-TppLog output. The value matches the hex value seen in Event Definitions in TPP.
Add -UseBasicParsing to
Invoke-WebRequest to avoid IE profile error
Find-TppCertificate to return the number of certificates found based on the filters provided,
#12 Move from
Invoke-VenafiRestMethod so we get response headers, to be used with
Invoke-VenafiRestMethod has a new parameter,
-FullResponse, to retrieve the complete response, not just content value.
New-HttpQueryString private function to support HEAD api calls which require a query string and not body.
Test-TppIdentityFormat which was failing when the identity guid was surrounded with curly braces
-Limit parameter and standardize on
#10, Get-VenafiCertificate not recognizing session. 3.0.2
Test-ModuleHash to validate the script files in the module. The release pipeline has been updated to create a GitHub release with a file which stores the file hashes with SHA256. This function will validate the current module against these hashes and provide true/false for success or failure.
#6, truncation on json conversion. 3.0
Rebrand from VenafiTppPS to VenafiPS as the module will now support Venafi products other than TPP. Functions with -Tpp in the name will now be TPP only, -Vaas will be for Venafi as a Service only, and -Venafi will be both
New-VenafiSession and add support for Venafi as a Service. Use the parameter
Export-VenafiCertificate and now supports Venafi as a Service. Alias added so existing scripts don't break.
Get-VenafiCertificate and now supports Venafi as a Service. Alias added so existing scripts don't break.
Get-VaasOrgUnit for OutagePREDICT
Get-VaasApplication for OutagePREDICT
All tokens and keys have been changed from plaintext to PSCredential for added security
-KeystorePassword option to
#147. Thanks @Curtmcgirt! 2.2.3
Revoke-TppToken doesn't show target. Thanks @wilddev65!
Rename 'Provision' to 'Push', aliases added for existing code
Get-TppDevice only accepting IP address for host, not hostname. Thanks @Curtmcgirt!
#131, add examples to
New-TppCapiApplication. Thanks @Curtmcgirt!
#132, 500 error setting BindingIpAddress running
New-TppCapiApplication. Thanks @Curtmcgirt!
#134, server url is blank when running
Get-TppObject with secondary token. This was an issue for
Get-TppPermission as well. Thanks @stevekeever!
Add missing parameters comment-based help for
Fix certificate push not working in
Update links to reference
main branch instead of
Identity format validation fix,
#126. Thanks @DadsVacayShorts! Add
Get-TppIdentity to retrieve Identity info given an id
Remove-TppPermission, accepts output from
Add Path param to
Set-TppPermission in addition to guid
Get-TppPermission now accepts TppObject, eg. from
Set-TppPermission now accepts output from
Get-TppPermission for the object and IdentityId so you only need to specify Permission. No need to get guid and identity manually to pass in.
Find-TppIdentity output standardized so you can now pipe to permission functions
Get-TppPermission returns additional object and identity info
Centralize format validation for identities
Update help links referring to versions no longer available
Find-TppIdentity -Me to be deprecated for
Add option to
Get-TppObject for guid
Standardized on Id/IdentityId for the identity across all identity and permission functions
Force missing slash retry to status codes of only 307 and 401
Better error handling and messaging through the permission functions
Get-TppPermission fix when retrieving multiple permissions,
#124. Thanks @DadsVacayShorts! v2.1.0
Get-TppCertificateDetail help to ensure output lists the correct properties,
#119. Thanks @doyle043! Hide secret info, eg. passwords, tokens, etc, when verbose logging.
#120. Thanks @bwright86! Add search, get, and remove code sign project and environment functions
Fix, provide the correct error message when making rest call and testing to see if a trailing slash is needed or not
New-TppSession to ensure $TppSession is created even if subsequent custom field calls fail
Update TppSession object Validate method to check if token auth is required. Needed for code sign.
Add missing filters CreateDate, CreatedBefore, and CreatedAfter to
#117. Thanks @doyle043! v2.0.4
Fix header getting stripped causing
Write-TppLog to fail,
#114. Thanks @stevekeever! Update
Invoke-TppRestMethod to retry with trailing slash for all methods, not just Get
Add Origin property when creating a new certificate
Add icon to project,
Process to convert a secure password to plain text was failing on Linux,
#108. Thanks @macflurry7! v2.0.1
#88. Thanks @smokey7722! Make Invoke-TppRestMethod accessible,
#106. Thanks @wilddev65! Fix verbose being turned on incorrectly in New-TppSession when getting by token
Add token-based authentication support, Integrated, OAuth, and Certificate. Tokens can be used in or out of this module.
#94. Thanks @BeardedPrincess! Add CertificateType option to New-TppCertificate
Add support for GET api calls which require a trailing slash
Fixes in multiple functions where .Add on a hashtable was called in the process block
Fix issue #102, Base64 with private key not an available option
Update formats which support IncludeChain
Add offset parameter to Find-TppCertificate,
#92 Allow inclusion of private key for format Base64 (PKCS #8) in Get-TppCertificate. Earlier versions of Venafi documentation listed this incorrectly, but has been resolved.
#95 Get-TppCertificate failing when pipilining due to adding a key to a hashtable that already exists,
#96 Linux style paths which use / instead of \ were failing path check due to invalid regex,
#97 PSSA fix for Read-TppLog
ProvisionCertificate not triggering a push,
Add Linux support
Add ProvisionCertificate parameter to provision a certificate when the application is created
Removed UpdateIis switch as unnecessary, simply use WebSiteName
Add ApplicationName parameter to support pipelining of path
Add SkipExistenceCheck parameter to bypass some validation which some users might not have access to
Certificate authority is no longer required
Fix failure when SAN parameter not provided
Fix Management Type not applying
Add ability to provide root level path, \ved, in some
Add pipelining and ShouldProcess functionality to multiple functions
Update New-TppObject to make Attribute not mandatory
Remove ability to write to the log with built-in event groups. This is no longer supported by Venafi. Custom event groups are still supported.
Add aliases for Find-TppObject (fto), Find-TppCertificate (ftc), and Invoke-TppCertificateRenewal (itcr)
Simplified class and enum loading
fix session state not being preserved across internal function calls, thanks Kory B!
add Pipeline and ShouldProcess support to New-TppPolicy
add ShouldProcess support to New-TppObject
add many search options to Read-TppLog
ensure the Recursive parameter of Find-TppCertificate can only be applied when providing a path
ensure InputObject property of Find-TppCertificate only accepts type Policy so we get a path
add TppManagementType enum
add private function to convert a date to UTC ISO 8601 format
cleanup help in Find-TppCertificate
add Subject Alternate Name parameter to New-TppCertificate
add Add-TppCertificateAssociation to associate a certificate to one or more application objects
update New-TppObject to use Add-TppCertificateAssociation when a certificate is provided
update New-TppCapiApplication to use the updated New-TppObject
update Get-TppIdentityAttribute to use Test-TppIdentity for validation
additional fixes in identity functions
fix validation in identity functions
Add Integrated Authentication, a credential is no longer required
Add Write-TppLog with support for default and custom event groups
Add PassThru option for all 'New-' functions, returning TppObject
Standardize all enums with Tpp prefix
Make enums/classes available outside of the module scope, access these directly at the command line. For example, [TppObject]::new('\ved\policy\object').
Fix finding by Stage, StageGreaterThan, and StageLessThan in Find-TppCertificate
Add error handling for Get-TppSystemStatus
Rename Restore-TppCertificate to Invoke-TppCertificateRenewal
Lots of help/documentation updates
Breaking change: Update New-TppObject to simplify the attributes provided, now just pass a hashtable of object key/value pairs.
Better parameter support for New-TppCertificate with Name and CommonName
Rename Get-TppLog to Read-TppLog