Add Find-VaasMachine to find machines by type or status. The list of attributes to search by will increase over time. Find-VaasObject -Type Machine can always be used as well.
Add Get-VaasMachine to get machines by uuid, name, or get all.
Update Invoke-VaasWorkflow output to include workflow id (wsClientId)
Add machine creation functions New-VaasMachine, New-VaasMachineIis, and New-VaasMachineCommonKeystore. These require PowerShell v7+ and have parallel processing. New-VaasMachine is for basic machines with hostname, credential, and optional port, e.g. Citrix and F5.
Add machine types to $VenafiSession.MachineTypes when using New-VenafiSession for VaaS
Add Invoke-VenafiParallel private function to easily execute operations in parallel. Requires PowerShell v7+.
Add argument completer to New-VaasMachine -MachineType and Find-VaasMachine -MachineType for dynamic tab-ahead list of machine types
Add PSSodium as a nested module, required for machine creation functions
Add specific error messages when a TPP token scope/privilege is not sufficient for the current function. The message will include both the current and missing scope/privilege, #175.
Add Set-VaasTeam to update existing VaaS teams. You can update the name, role, and/or user matching rules. User matching rules can be overwritten or appended to.
Add Remove-VaasObject to remove a VaaS team, application, machine, machine identity, tag, or connector.
Remove TppObject class. This was causing issues for some who aren't familiar with the Using keyword and the differences between it and Import-Module when it comes to classes.
Add Invoke-VaasWorkflow to trigger either a Test, Provision, or Discover machine/machine identity workflow. As one example, this is super helpful when looking to automate renewal and provisioning of certificates that may expire soon.
Fix error with Get-TppPermission when an identity which had been permissioned has had its account deleted. Explicit permissions will be returned, but the identity path and name will be null as we can no longer look it up from the provider.
Get-TppPermission -Attribute has been deprecated. Identity path and name are included in the return object. For other attributes, use Get-TppIdentityAttribute.
Add Set-TppAttribute -NoOverwrite to allow additions to an attribute list. #189
Add Get-TppAttribute -NoLookup for the remote cases where a built-in attribute and custom field have the same name. The default will be to look for a custom field. Use -NoLookup to override. #192
Add ability to export the chain on VaaS with Export-VenafiCertificate
Add ability to export a certificate to a file on VaaS with Export-VenafiCertificate
Fix certain characters in friendly name causing Test-TppIdentityFormat to fail, #205
Add ability to set specific permission with Set-TppPermission and not just an entire permissions object, #197
Enhance pipeline support for Set-TppPermission
Fix failure removing a custom field value with Set-TppAttribute, #199
Fix ConvertTo-TppFullPath appending '\ved\policy' incorrectly on non-Windows environments
Add 'all' token scope with 2 values, 'core' and 'admin'. 'Core' is all scopes except for admin and 'admin' includes admin. Use as New-VenafiSession -Scope @{'all'='core'}. Not suggested for production environments
Add -SkipCertificateCheck to New-VenafiSession and New-TppToken to bypass certificate checking, useful in pre-production environments, connecting via IP, etc. If you aren't creating a new session, but providing a token directly to a function, the same functionality can be found by setting an environment variable $env:VENAFIPS_SKIP_CERT_CHECK=1. If vaulting your token, this value will also be vaulted in the metadata making it very easy to use New-VenafiSession -VaultRefreshAccessToken $name and connect to pre-prod environments with no certificate checking
New-VenafiSession -VaultMetadata is now deprecated and metadata will be vaulted by default
Token scope is now vaulted in metadata and added to $VenafiSession when using -VaultAccessTokenName or -VaultRefreshTokenName of New-VenafiSession
Update Write-VerboseWithSecret to support secrets in delimited json
Fix TppObject ParentPath error when it contains certain characters, #186
Fix object does not exist error with Move-TppObject in a try/catch, #185
Add Remove-TppObject to remove any object. Multiple people have asked for this so it's been added, but be careful using it as it can be very destructive. Recommend using -WhatIf to validate.
Fix Invoke-VenafiCertificateAction always running as verbose, #173
Fix Set-TppAttribute error when providing a null value, #176
Fix Set-TppPermission error when providing VenafiSession directly, #174
Greatly simplified with far fewer parameters needed
Attributes, which have values, available as properties at the root level in the response. This is useful for direct value access.
A property named Attribute has been added with all attribute names, values, and configuration. This is useful for looping over the attributes, determining where a policy attribute is set, and more.
Add VaaS connector management functions Get-VaasConnector, New-VaasConnector, and Remove-VaasConnector. Currently limited to webhooks with event type scope.
Add VaaS and TPP certificate deletion to Invoke-VenafiCertificateAction
Add -IncludeVaasOwner to Find-VenafiCertificate and Get-VenafiCertificate to include user/team owner detailed info on VaaS
Add 'application' property to Find-VenafiCertificate and Get-VenafiCertificate with application details on VaaS
Add -All to Get-VenafiCertificate to retrieve all certificates. This replaces the default behavior of getting all with no parameters.
Add prepending '\ved\policy' when a root path isn't provided to many functions
Fix Invoke-VenafiCertificateAction not triggering some actions on VaaS
Fix Get-VenafiCertificate returning TppObject instead of detailed certificate info when getting all
Note: please test your code when using the above functions as there are breaking changes in this release
Add Import-VaasCertificate. Export from TPP right into VaaS (and vice versa).
Import-TppCertificate updates
Add pipelining with either -CertificatePath or -CertificateData. You can provide FileInfo objects or just an array of paths.
If using PS v6+, import will now use parallel processing. Control the number of certificates imported at once with the new parameter -ThrottleLimit. This is definitely the recommended approach for bulk importing.
Add prepending '\ved\policy' to -PolicyPath if not provided
Get-TppAttribute updates
-Attribute can now accept custom field labels/names to retrieve the value, #74
Return Locked and Overridden values where applicable
Notify user when attribute name provided to -Attribute is not valid
Fix SecretManagement module existence check not always being triggered in New-VenafiSession, #123
Add 'certificate' field to Write-VerboseWithSecret to hide certificate data being passed to VaaS
Allow any attribute names for Get-TppIdentityAttribute -Attribute, #125
Add a Docker image with each new build, published to Docker Hub. Add recognition of the environment variables below for use with the Docker image; they can be used outside of it as well. This is great for CI/CD scenarios and more.
TPP_SERVER - TPP server url
TPP_TOKEN - TPP oauth token
VAAS_KEY - VaaS key
Fix Set-TppAttribute not clearing a value. You can now pass $null to clear an object's attribute value, #119
Add new output format for Get-TppAttribute using the parameter -New. Attributes will now be provided as object properties as opposed to individual objects for each property, which made it difficult to retrieve the value itself. This new format is available for all ways of using the function including attribute, effective attribute, and policy retrieval. This new format will become the default in the future.
Add Get-TppAttribute -PolicyClass -All to retrieve all policy attributes at once
Add New-TppCertificate -WorkToDoTimeout to override the global setting for a CA to issue/renew certificate
Add support for api limitation of 5k clients at a time when calling Remove-TppClient
Add support for VaaS user matching rules with New-VenafiTeam
Add setting common name, if not provided, as the object name in New-TppCertificate, #110
Fix syntax error when using New-TppCertificate -Csr, #111
Add authentication options, VaaS key or TPP token, in addition to VenafiSession to be provided directly to any function that supports that platform. This better enables devops scenarios so 1 call can be made for a function as opposed to executing New-VenafiSession first. Note, if using this with TPP, an environment variable named TppServer with the url of the server must be set.
Add Test-VenafiSession private function to add support for the new authentication methods as VenafiSession.Validate isn't used. Invoke-VenafiRestMethod has been updated to accept these new authentication methods as well.
Add New-VaasSearchQuery (private function) as the framework for VaaS searching including filtering, ordering, and paging. This will be used by certificate search, log search, and probably more in the future.
Add Read-VenafiLog utilizing the new search framework for VaaS. Merge existing Read-TppLog into 1 function to support both VaaS and TPP.
Add Get-VenafiTeam to retrieve all or specific team info, VaaS and TPP
Add New-VenafiTeam to create a new team, VaaS and TPP
Add Remove-VenafiTeam to remove a team, VaaS and TPP
Add Add-VenafiTeamMember to add a team member, VaaS and TPP
Add Add-VenafiTeamOwner to add a team owner, VaaS and TPP
Add Remove-VenafiTeamMember to remove a team member, VaaS and TPP
Add Remove-VenafiTeamOwner to remove a team owner, VaaS and TPP
Add ConvertTo-TppIdentity to standardize TPP identity objects
Add Get-VenafiIdentity to retrieve a specific identity, the current user, or all, VaaS and TPP. This replaces Get-TppIdentity. The ability to retrieve associated identities and group members has been extended to -All.
Change Invoke-TppRestMethod to Invoke-VenafiRestMethod in remaining internal module calls
Move key/token refresh messaging to TPP only in VenafiSession as there is no refresh for VaaS
Default -UriRoot in Invoke-VenafiRestMethod to v1 for VaaS
Add -All option to Get-TppAttribute to get ALL effective attribute values for an object. This will provide the values as well as the path where the policy was applied
Add getting policies (policy attributes) with Get-TppAttribute
Add setting policies (policy attributes) with Set-TppAttribute
Add Invoke-VenafiCertificateAction. This is your one stop shop for certificate actions on TPP or VaaS. You can Retire, Reset, Renew, Push, Validate, or Revoke.
Cleanup output and verbose logging with Remove-TppCertificate
Fix parameter set issue in New-VenafiSession, ensure version and custom field info retrieval doesn't occur when creating a VaaS session
Add support for local token/key storage with PowerShell SecretManagement. Store your access or refresh token securely and have VenafiPS use it to create a new session.
Add Get-TppClassAttribute to list all attributes for a specific class. Helpful for attribute validation and getting values for all attributes.
Update Version in VenafiSession object, from Get-TppVersion, to be of type Version. Drop Revision from version so now only 3 octets. This assists in performing version validation.
Update New-TppToken to account for a bug in pre-21.3 versions which expected the client_id to be lowercase
Update Test-TppToken to validate the TPP version is supported
Add Test-TppToken function to test if a TPP token is valid.
Tests an AccessToken, TppToken, or VenafiSession
-GrantDetail parameter returns detailed info about token from TPP server response
Update New-TppToken to capture the refresh token expiry if part of the response.
Update Find-TppCertificate to add -CertificateType as a parameter to filter results by type of certificate. Can use CodeSigning, Device, Server, and/or User.
Update Get-VenafiCertificate to get historical certificate versions with -IncludePreviousVersions. -ExcludeExpired and -ExcludeRevoked filter the results.
Add -CountOnly to Find-TppCertificate to return the number of certificates found based on the filters provided, #12
Move from Invoke-RestMethod to Invoke-WebRequest in Invoke-VenafiRestMethod so we get response headers, to be used with -CountOnly above. Invoke-VenafiRestMethod has a new parameter, -FullResponse, to retrieve the complete response, not just content value.
Add New-HttpQueryString private function to support HEAD api calls which require a query string and not body.
Fix Test-TppIdentityFormat which was failing when the identity guid was surrounded with curly braces
Replace -Limit parameter and standardize on -First
Add Test-ModuleHash to validate the script files in the module. The release pipeline has been updated to create a GitHub release with a file which stores the file hashes with SHA256. This function will validate the current module against these hashes and provide true/false for success or failure.
Rebrand from VenafiTppPS to VenafiPS as the module will now support Venafi products other than TPP. Functions with -Tpp in the name will now be TPP only, -Vaas will be for Venafi as a Service only, and -Venafi will be both
Rename New-TppSession to New-VenafiSession and add support for Venafi as a Service. Use the parameter -VaasKey
Rename Get-TppCertificate to Export-VenafiCertificate, which now supports Venafi as a Service. Alias added so existing scripts don't break.
Rename Get-TppCertificateDetail to Get-VenafiCertificate, which now supports Venafi as a Service. Alias added so existing scripts don't break.
Add Get-VaasOrgUnit for OutagePREDICT
Add Get-VaasApplication for OutagePREDICT
Rename Invoke-TppRestMethod to Invoke-VenafiRestMethod
All tokens and keys have been changed from plaintext to PSCredential for added security
Identity format validation fix, #126. Thanks @DadsVacayShorts!
Add Get-TppIdentity to retrieve Identity info given an id
Add Remove-TppPermission, accepts output from Get-TppPermission
Add Path param to Set-TppPermission in addition to guid
Get-TppPermission now accepts TppObject, e.g. from Find-TppObject
Set-TppPermission now accepts output from Get-TppPermission for the object and IdentityId so you only need to specify Permission. No need to get guid and identity manually to pass in.
Find-TppIdentity output standardized so you can now pipe to permission functions
Get-TppPermission returns additional object and identity info
Centralize format validation for identities
Update help links referring to versions no longer available
Find-TppIdentity -Me to be deprecated for Get-TppIdentity -Me
Add option to Get-TppObject for guid
Standardized on Id/IdentityId for the identity across all identity and permission functions
Force missing slash retry to status codes of only 307 and 401
Better error handling and messaging through the permission functions
Allow inclusion of private key for format Base64 (PKCS #8) in Get-TppCertificate. Earlier versions of Venafi documentation listed this incorrectly, but this has been resolved. #95
Get-TppCertificate failing when pipelining due to adding a key to a hashtable that already exists, #96
Linux style paths which use / instead of \ were failing path check due to invalid regex, #97
Add Integrated Authentication, a credential is no longer required
Add Write-TppLog with support for default and custom event groups
Add PassThru option for all 'New-' functions, returning TppObject
Standardize all enums with Tpp prefix
Make enums/classes available outside of the module scope, access these directly at the command line. For example, [TppObject]::new('\ved\policy\object').
Fix finding by Stage, StageGreaterThan, and StageLessThan in Find-TppCertificate
Add error handling for Get-TppSystemStatus
Add Get-TppVersion
Rename Restore-TppCertificate to Invoke-TppCertificateRenewal
Lots of help/documentation updates
Breaking change: Update New-TppObject to simplify the attributes provided, now just pass a hashtable of object key/value pairs.
Better parameter support for New-TppCertificate with Name and CommonName