Unable to reference Secret Variable

ecosta442 · September 21, 2021, 7:36pm

Hey everyone,

I seem to be having trouble loading a secret variable stored in the DefaultVault. I have a variable called PasswordResetAC which I would use as an elevation account for resetting an AD account. When the reset triggers from the dashboard, I receive an error about the method for the credential not being implemented. After some more testing, i found that the secret variable was empty. I confirmed this by splatting the variable to a UDToast. I have tried removing, and recreating the variable with different names. I even blew away the variables ps1 and had the system recreate. In case it is helpful, here is the section of code i am using (note: the AD controller is omitted intentionally)


 [pscredential]$pscred = $PasswordResetAC
 $SecPassword = $eventData.TestPassword | convertto-Securestring -asplaintext

 $accountname = ""


 if ($User.contains("@"))
 {
         $accountname = $user.split("@")[0]
 }
elseif($user.contains("\"))
{
      $accountname = $user.split("\")[1]
}

try
{
     Set-ADAccountPassword -Server [active directory controller]  -Identity $accountname -NewPassword $SecPassword  -Credential $pscred -verbose
     set-Udelement -id 'Results' -content {
              New-UDCard -content {
                     New-UDAlert -Severity 'success' -content {"Password successfully reset for TEST\$accountname"}
               }
    }
}
catch
{
       set-Udelement -id 'Results' -content {
             New-UDCard -content {
                    New-UDAlert -Severity 'error' -content {"Password could not be set for TEST\$accountname $($error[0])"}
                    }
         }
   }
 }

here is what the Variable page looks like:

I appreciate any insight you guys can provide!

Thanks, Evan

Product: PowerShell Universal
Version: 2.3.0, Service install

adam · September 22, 2021, 3:19pm

Are you running the job as alternate credentials at all? Or just kicking it off as the default?

ecosta442 · September 22, 2021, 3:43pm

Hey Adam,

The dashboard is running in the Default Run-As Context:

If it helps at all, the Powershell Universal Service its self is running as a different Domain user.

let me know if you have any other questions!

Thanks,

Evan

adam · September 22, 2021, 5:56pm

Ok. Then I would expect you to be able to read the secrets since it’s the same user account for both the admin console and the dashboard. Have you configured your environments at all? I ask because if the Variables aren’t set to * then it won’t include all the variables.

ecosta442 · September 22, 2021, 6:17pm

Hey Adam, thanks for the suggestion! I verified that the wildcard was set for the variables in the environment section. I was not sure which environment “default” aligned with, so i changed the dashboard to use the 7.1.3 pwsh env and as soon as i did that, the parameter populated! thanks again for your insight!

Topic		Replies	Views
Unable to use Secret Variables PowerShell Universal	1	269	April 20, 2023
Authentication.ps1 not getting $secret:variable values? PowerShell Universal	1	385	November 29, 2022
Storing and using Variable - Credentials within script	3	630	August 9, 2021
How to reference secret variables in scripts? PowerShell Universal	6	1815	March 16, 2021
Get-UAVariable Secret just returning name of variable and not the value of the string PowerShell Universal	5	636	August 11, 2021

Unable to reference Secret Variable

Related topics