PowerShell commands

This topic is about all authentication commands and handles for PSHubContext.

PSHubContext is an object that specifies your authentication information. You will need a valid PSHubContext to connect to your Devolutions Hub Business. You can have many PSHubContext connected in your PowerShell session, but only one is used when you use Devolutions Hub cmdlets.

In this object, you have the following:

• Name: Name of the application user

• URL: Devolutions Hub Business URL

• Application secret: Application secret given after the application user creation

• Application key: Application key given after the application user creation

• PSHubContext

or

• Url

• ApplicationKey

• ApplicationSecre

If PSHubContext is provided, tries to connect to Devolutions Hub with it.

or

If PSHubContext is not provided, creates a PSHubContext with information received and tries to connect to Devolutions Hub afterward.

$PSHubContext = [Devolutions.Hub.PowerShell.Entities.PowerShell.PSHubContext]@{ApplicationKey="24526a88-7f18-4356-95bd-11690f7bc59b;468ce2d5-ea4b-42ff-bc02-d93c71b4e554"; ApplicationSecret="U4nmdOjqPAcL0GfbvNC2u8e0FCZjhEJFTnn6YHpIZDY="; Url="https://windjammer.devolutions.xyz"}
Connect-HubAccount -PSHubContext $PSHubContext

Connect-HubAccount -Url https://windjammer.devolutions.xyz -ApplicationKey "24526a88-7f18-4356-95bd-11690f7bc59b;468ce2d5-ea4b-42ff-bc02-d93c71b4e554" -ApplicationSecret U4nmdOjqPAcL0GfbvNC2u8e0FCZjhEJFTnn6YHpIZDY=

or

Connect-HubAccount -Url https<area>://<YourPasswordHubUrl>.devolutions.app -ApplicationKey “24526a88-7f18-4356-95bd-11690f7bc59b;468ce2d5-ea4b-42ff-bc02-d93c71b4e554“ -ApplicationSecret U4nmdOjqPAcL0GfbvNC2u8e0FCZjhEJFTnn6YHpIZDY=

• ApplicationKey

or

• All

If ApplicationKey is provided, disconnects and removes PSHubContext from the PowerShell session.

or

If All is provided, disconnects and removes all PSHubContext from the PowerShell session.

• ListAvailable

If ListAvailable is provided, lists all PSHubContext set the in PowerShell session.

or

If ListAvailable is not provided, retrieves the current PSHubContext which will be used for all other Devolutions Hub commands.

• PSHubContext

Sets the current PSHubContext to the one provided.

• ApplicationKey

Selects another PSHubContext to change the current PSHubContext which will be used for all Devolutions Hub commands.

• PSHubContext

• Path

• Force

  • SecurePassword

  or

  • Password

Saves the current PSHubContext to a .json file at the received path.

If PSHubContext is provided, saves it to a .json file.

If Force is provided, overwrites the file if the path already exists.

If SecurePassword is provided, prompts the user to enter a password to encrypt the .json file.

or

If Password is provided, encrypts the .json file with the received password.

Save a standard PSHubContext.

Save-HubContext -Path “C:\PATH\TO\YOUR\FILE\file.json“

If you want to securely save a PSHubContext with a password, you can do it in 2 ways:

With a password passed by arguments.

Save-HubContext -Path “C:\PATH\TO\YOUR\FILE\file.json“ -Password “password“

or

With a SecurePassword argument that will prompt the secure password input.

Save-HubContext -Path “C:\PATH\TO\YOUR\FILE\file.json“ -SecurePassword

Password: [INSERT YOUR PASSWORD]

• Path

• SecurePassword

• Password

Imports a PSHubContext from a .json file at the received path.

If SecurePassword is provided, prompts the user to enter a password to decrypt the .json file.

If Password is provided, decrypts the .json file with the received password.

Import a standard PSHubContext.

Import-HubContext -Path “C:\PATH\TO\YOUR\FILE\file.json“

If you want to import a file protected by a password, you can do it in 2 ways:

With a password passed by arguments.

Import-HubContext -Path “C:\PATH\TO\YOUR\FILE\file.json“ -Password “password“

or

With a SecurePassword argument that will prompt the secure password input.

Import-HubContext -Path “C:\PATH\TO\YOUR\FILE\file.json“ -SecurePassword

Password: [INSERT YOUR PASSWORD]

This section is about commands used to handle system settings.

Gets the PSSystemSettings object.

• PSSystemSettings

Sets the provided system settings to Devolutions Hub.

Change system settings information and save these modifications.

$psSystemSettings = Get-HubSystemSettings

$psSystemSettings.ForceTwoFactorAuthentication = $true

$psSystemSettings.ExtendedSessionLifespan = “SevenDays“

$psSystemSettings.SystemPermissions.Users[“33a0253c-2bbf-43a0-9051-fb6adcb5ac7e“].ManageUsersGroups = $false;

Set-HubSystemSettings -$psSystemSettings $psSystemSettings

• UserId

• PSVaultRole | SystemVaultPermission

or

• GroupId

• PSVaultRole | SystemVaultPermission

Adds the provided system vault permission to system settings. If a user or group already exists, the permission will be overwritten.

If UserId is provided, sets a predefined role or a custom system vault permission to this user.

or

If GroupId is provided, sets a predefined role or a custom system vault permission to this group.

$newSystemVaultPermission = [Devolutions.Hub.Clients.VaultPermissionRole]@{ AddEntries = $true }

New-HubSystemVaultPermission -UserId 2d9221d6-3cbe-4161-b3aa-387f18a7f8c4 -SystemVaultPermission $newSystemVaultPermission

• UserId

or

• GroupId

If UserId is provided, removes this user's system vault permission from system settings.

or

If GroupId is provided, removes this group's system vault permission from system settings.

• UserId

or

• GroupId

If UserId is provided, retrieves this user's system permission from system settings.

or

If GroupId is provided, retrieves this group's system permission from system settings.

Get a systemVaultPermission from a user to create a new systemVaultPermission with the same permissions (values).

$systemVaultPermissionFromUserA = Get-HubSystemVaultPermission -UserId 2d9221d6-3cbe-4161-b3aa-387f18a7f8c4

New-HubSystemVaultPermission -UserId 152c06cf-cce6-4116-97e1-34aadeab9984 -SystemVaultPermission $systemVaultPermissionFromUserA

• UserId

• PSVaultRole | SystemVaultPermissions

or

• GroupId

• PSVaultRole | SystemVaultPermissions

Sets a provided system vault permission.

If UserId is provided, sets a predefined PSVaultRole or a custom system vault permission to this user.

or

If GroupId is provided, sets a predefined PSVaultRole or a custom system vault permission to this group.

$systemVaultPermission = Get-HubSystemVaultPermission -UserId 2d9221d6-3cbe-4161-b3aa-387f18a7f8c4

$systemVaultPermission.ExecuteEntries = $false;

Set-HubSystemVaultPermission -UserId 2d9221d6-3cbe-4161-b3aa-387f18a7f8c4 -SystemVaultPermission $systemVaultPermission

• SystemPermission

  • UserId
    or

  • GroupId

Adds the provided system permission to system settings

If UserId is provided, sets the system permission to this user.

or

If GroupId is provided, sets the system permission to this group.

$newSystemPermission = [Devolutions.Hub.Clients.SystemPermission]@{ AddVaults = $true }

New-HubSystemPermission -UserId 2d9221d6-3cbe-4161-b3aa-387f18a7f8c4 -SystemPermission $newSystemPermission

• UserId

or

• GroupId

If UserId is provided, removes this user's system permission from system settings.

or

If GroupId is provided, removes this group's system permission from system settings.

• UserId

or

• GroupId

If UserId is provided, retrieves this user's system permission from system settings.

or

If GroupId is provided, retrieves this group's system permission from system settings.

Get a systemPermission from a user to create a new systemPermission with the same permissions (values).

$systemPermissionFromUserA = Get-HubSystemPermission -UserId 2d9221d6-3cbe-4161-b3aa-387f18a7f8c4

New-HubSystemPermission -UserId 152c06cf-cce6-4116-97e1-34aadeab9984 -SystemPermission $systemPermissionFromUserA

• UserId

• SystemPermission

or

• GroupId

• SystemPermission

Sets a provided system permission.

If UserId is provided, sets the system permission to this user.

or

If GroupId is provided, sets the system permission to this group.

$systemPermission = Get-HubSystemPermission -UserId 2d9221d6-3cbe-4161-b3aa-387f18a7f8c4

$systemPermission.ForcePromptLogin = $false;

Set-HubSystemPermission -UserId 2d9221d6-3cbe-4161-b3aa-387f18a7f8c4 -SystemPermission $systemPermission

This section is about commands to handle Devolutions Gateway.

• PsDecryptedGateway

Adds a new Devolutions Gateway to Devolutions Hub.

$newDevolutionsGateway = [Devolutions.Hub.CryptoUtilsPowerShell.Entities.ModelsHub.PSDecryptedGateway]@{ PsMetadata = [Devolutions.Hub.PowerShell.CryptoUtilsEntities.ModelsHub.PSGatewayMetadata]@{ Name = 'Test Gateway From PS' }}

New-HubGateway -PSDecryptedGateway $newDevolutionsGateway

• GatewayId

Removes the Devolutions Gateway with the provided ID.

• PsDecryptedGateway

Sets the provided Devolutions Gateway.

$psDecrpytedGateway = Get-HubGateway -GatewayId 4c6fb2dc-f7ba-4089-8bc2-b46b3bdcd1d0

$psDecrpytedGateway.PSMetadata.Name = "New Name From PS"

Set-HubGateway -PSDecryptedGateway $psDecrpytedGateway

• GatewayId

Retrieves the Devolutions Gateway with the provided ID.

Creates new Devolutions Gateway settings. If settings already exist, they will be overwritten.

Sets the provided Devolutions Gateway settings.

Retrieves the Devolutions Gateway settings.

This section is about commands to handle vaults.

• VaultName

• VaultDescription

Adds a new vault.

Have the permission to create vaults and put a name.

• VaultId

Removes this vault from Devolutions Hub.

• VaultId

If VaultId is provided, retrieves the vault by ID.

If VaultId is not provided, retrieves all vaults you have access to.

• VaultId

• PSVault

Sets the provided vault to the mentioned VaultId.

Change information about a vault and save these modifications.

$psVault = Get-HubVault -VaultId 3beb6536-95d2-405b-bc69-70751cc55ca1

$psVault.Name = “New RDP Name“;

$psVault.VaultPermissions.Users[“33a0253c-2bbf-43a0-9051-fb6adcb5ac7e“].ViewPassword = $false;

Set-HubVault -VaultId 3beb6536-95d2-405b-bc69-70751cc55ca1 -PSVault $psVault

• VaultID

  • UserId

  • VaultRoleId | VaultPermission

  or

  • GroupId

  • VaultRoleId | VaultPermission

Adds the provided vault permission to a specific vault. If a user or group already exists, the permission will be overwritten. If UserId is provided, sets a predefined PSVaultRole or a custom vault permission to this user. If GroupId is provided, sets a predefined PSVaultRole or a custom vault permission to this group.

With a custom vaultPermission:

$newVaultPermission = [Devolutions.Hub.Clients.VaultPermissionRole]@{ AddEntries = $true }

New-HubVaultPermission -UserId 2d9221d6-3cbe-4161-b3aa-387f18a7f8c4 -VaultPermission $newVaultPermission

or

With a predefined role:

New-HubVaultPermission -UserId 2d9221d6-3cbe-4161-b3aa-387f18a7f8c4 -VaultRoleId fde84e48-4662-493b-9de3-e05c708af060

• VaultID

  • UserId

  or

  • GroupId

If UserId is provided, removes this user's vault permission from the specific vault.

If GroupId is provided, removes this group's vault permission from the specific vault.

• VaultID

  • UserId

  or

  • GroupId

If UserId is provided, retrieves this user's vault permission from the specific vault. If GroupId is provided, retrieves this group's vault permission from the specific vault.

Get a vaultPermission from a user to create a new vaultPermission with the same permissions (values).

$vaultPermissionFromUserA = Get-HubVaultPermission -VaultId 12ac66eb-7caa-4866-b5fd-5bd59c7f657e -UserId 2d9221d6-3cbe-4161-b3aa-387f18a7f8c4

New-HubVaultPermission -UserId 152c06cf-cce6-4116-97e1-34aadeab9984 -VaultPermission $vaultPermissionFromUserA

• VaultID

  • UserId

  • VaultRoleId | VaultPermission

  or

  • GroupId

  • VaultRoleId | VaultPermission

Sets a provided vault permission to a specific vault. If UserId is provided, sets a predefined role or a custom vault permission to this user. If GroupId is provided, sets a predefined role or a custom vault permission to this group.

With a custom vaultPermission:

$vaultPermission = Get-HubVaultPermission -VaultId 12ac66eb-7caa-4866-b5fd-5bd59c7f657e -UserId 152c06cf-cce6-4116-97e1-34aadeab9984

$vaultPermission.ExecuteEntries = $false;

Set-HubVaultPermission -VaultId 12ac66eb-7caa-4866-b5fd-5bd59c7f657e -UserId 152c06cf-cce6-4116-97e1-34aadeab9984 -VaultPermission $vaultPermission

or

With a predefined role:

$vaultRole = Get-HubVaultRole -RoleId 1dd2321d-ae0d-41d9-bd2a-ec71cce5b13c

Set-HubVaultPermission -VaultId 12ac66eb-7caa-4866-b5fd-5bd59c7f657e -GroupId 339d1c22-c01b-47ff-b812-74e34f23991f -PSVaultRole $vaultRole

• RoleId

If RoleId is provided, retrieves the vault role by ID.

If RoleId is not provided, retrieves all vault roles.

This section is about commands to handle users.

• UserEmail

• UserLocale

• IsTemporaryPasswordSendByEmail

Adds a new Devolutions user or invites an existing Devolutions user.

If IsTemporaryPasswordSendByEmail is provided, the temporary password for the new Devolutions user will be sent by email. Otherwise, the temporary password is returned.

• Email

• AllowOfflineInRDM

• UserSendMessageConfiguration

or

• PSInvitation

Invites a user from a Devolutions Account Organization set in your hub.

• If Email, AllowOfflineInRDM and UserSendMessageConfiguration are provided. A single email will be sent.

• If PSInvitation is provided, you can manually set more than one email and assign groups. This command will only work if Enable SSO with Devolutions Account Organization has been enabled in your hub and a valid Devolutions Account Organization has been selected.

Add with a PSInvitation.

$psInvitation = [Devolutions.Hub.PowerShell.CryptoUtilsEntities.ModelsHub.PSInvitation]@{AllowOfflineInRDM = $true; UserSendMessageConfiguration = [Devolutions.Hub.Clients.UserSendMessagePermission]::MessagesWithEntries; Groups = @("1f017956-1d36-4787-acaa-22b16c73cce5"); Emails = @("nathan.lachance@devolutions.net");}

New-HubOrganizationUser -PSInvitation $psInvitation

• UserId

Removes this user from Devolutions Hub.

• UserId

If UserId is provided, retrieves the user by ID.

If UserId is not provided, retrieves all users.

• UserId

• PSUser

Sets the provided user to the mentioned user ID.

Disable a user and save.

$psUser = Get-HubUser -UserId 321ec891-5674-4be0-aaf1-0c11a62eaf20

$psUser.IsEnabled = $false

Set-HubVault -VaultId 3beb6536-95d2-405b-bc69-70751cc55ca1 -PSVault $psUser

This section is about commands to handle groups.

• GroupName

• GroupUserIds

Adds a new group to the hub with users, if provided.

• GroupId

Removes this group from the hub.

• GroupId

If GroupId is provided, retrieves the group by ID.

If GroupId is not provided, retrieves all groups.

• GroupId

• PSGroup

Sets the provided group to the received group ID.

Change the name, add a user, and save the group.

$psGroup = Get-HubGroup -GroupId d41b9475-e00a-4f5b-8f25-4d539639dedd

$psGroup.Name = “New Group Name“

$psGroup.UserIds.Add(“321ec891-5674-4be0-aaf1-0c11a62eaf20“)

Set-HubGroup -GroupId d41b9475-e00a-4f5b-8f25-4d539639dedd -$psGroup $psGroup

• GroupId

• UserIds

Adds one or more users to a specific group.

• GroupId

• UserIds

Removes one or more users from a specific group.

This section is about commands to handle entries.

• VaultId

• PSDecryptedEntry

• DocumentPath

Adds a new entry to a specific hub vault with the provided PSDecryptedEntry entry.

$t = [Devolutions.Hub.PowerShell.CryptoUtilsEntities.ModelsHub.PSDecryptedEntry]@{ PsMetadata = [Devolutions.Hub.CryptoUtilsPowerShell.Entities.ModelsHub.PSEntryMetadata]@{ Name = "Test Cred"; ParentId = "9df41856-125a-490a-8589-93afc3059924"; ConnectionType = [Devolutions.GeneratedRemoteDesktopManager.Enums.ConnectionType]::Credential }; Connection = [Devolutions.GeneratedRemoteDesktopManager.ModelsBusiness.Connection]@{ Credentials = [Devolutions.GeneratedRemoteDesktopManager.ModelsBusiness.CredentialsConnection]@{ CredentialType = [Devolutions.Generated.EnumsRemoteDesktopManager.CredentialResolverConnectionType]::Default; Password = "passworddepowershell" } } }

New-HubEntry -VaultId d334f44c-fb84-4559-b576-e1e8b68baf65 -PSDecryptedEntry $t

• VaultId

• EntryId

Removes this entry from a specific vault.

• VaultId

• EntryId

If EntryId is provided, retrieves this entry from a specific vault. If EntryId is not provided, retrieves all entries from a specific vault. Entry(ies) will have sensitive passwords if you have the permission.

• VaultId

• EntryId

• PSDecryptedEntry

Sets the provided PSDecryptedEntry to the mentioned vault and entry.

Change information about an entry and save these modifications.

$decryptedEntry = Get-HubEntry -VaultId 3beb6536-95d2-405b-bc69-70751cc55ca1 -EntryId eb3b079e-b763-4657-bfac-ec83998015c1

$decryptedEntry.PsMetadata.Name = "New RDP Name";

$decryptedEntry.Connection.RDP.Password = "new_password";

Set-HubEntry -VaultId 3beb6536-95d2-405b-bc69-70751cc55ca1 -EntryId eb3b079e-b763-4657-bfac-ec83998015c1 -PSDecryptedEntry $decryptedEntry

• VaultId

• EntryId

• ResolveSensitives

• ResolvePasswords

Gets the entry and resolves the sensitives or passwords depending on the switches.

$entry = Get-HubEntryResolved -VaultID "98b693f6-c77b-434e-a02b-8beed4b7b343" -EntryID "7b4eeb29-e885-4461-aff7-15d2b45b89fb" -ResolveSensitives -ResolvePasswords

• Entry

• ResolveSensitives

• ResolvePasswords

Resolves the sensitives or passwords from an already decrypted entry.

$entry = Get-HubEntry -VaultId 3beb6536-95d2-405b-bc69-70751cc55ca1 -EntryId eb3b079e-b763-4657-bfac-ec83998015c1

Format-HubEntryResolved -Entry $entry -ResolvePasswords

• VaultId

• EntryId

  • UserId

  • PSEntryRole | EntryPermission

  or

  • GroupId

  • PSEntryRole | EntryPermission

Adds a provided entry permission to a specific entry. If a user or group already exists, the permission will be overwritten.

If UserId is provided, sets a predefined role or a custom entry permission to this user.

or

If GroupId is provided, sets a predefined role or a custom entry permission to this group.

With a custom entryPermission:

$newEntryPermission = [Devolutions.Hub.Clients.EntryPermissionRole]@{ EditEntries = $true }

New-HubEntryPermission -VaultId 12ac66eb-7caa-4866-b5fd-5bd59c7f657e -EntryId cf73b4ea-c1cd-4f53-9b53-f9277a108c56 -UserId 2d9221d6-3cbe-4161-b3aa-387f18a7f8c4 -EntryPermission $newEntryPermission

With a predefined role:

$entryRole = Get-HubEntryRole -RoleId 851f86f6-fe3b-4325-9b22-08c3b797e10c

New-HubEntryPermission -VaultId 12ac66eb-7caa-4866-b5fd-5bd59c7f657e -EntryId cf73b4ea-c1cd-4f53-9b53-f9277a108c56 -UserId 2d9221d6-3cbe-4161-b3aa-387f18a7f8c4 -PSEntryRole $entryRole

• VaultId

• EntryId

  • UserId

  or

  • GroupId

If UserId is provided, removes this user's entry permission from a specific entry.

or

If GroupId is provided, removes this group's entry permission from a specific entry.

• VaultId

• EntryId

  • UserId

  or

  • GroupId

If UserId is provided, retrieves this user's entry permission from a specific entry.

or

If GroupId is provided, retrieves this group's entry permission from a specific entry.

Get an entryPermission from a user to create a new entryPermission with the same permissions (values).

$entryPermissionFromUserA = Get-HubEntryPermission -VaultId 12ac66eb-7caa-4866-b5fd-5bd59c7f657e -EntryId cf73b4ea-c1cd-4f53-9b53-f9277a108c56 -UserId 2d9221d6-3cbe-4161-b3aa-387f18a7f8c4

New-HubEntryPermission -VaultId 12ac66eb-7caa-4866-b5fd-5bd59c7f657e -EntryId cf73b4ea-c1cd-4f53-9b53-f9277a108c56 -UserId 152c06cf-cce6-4116-97e1-34aadeab9984 -EntryPermission $entryPermissionFromUserA

• VaultId

• EntryId

  • UserId

  • PSEntryRole | EntryPermission

  or

  • GroupId

  • PSEntryRole | EntryPermission

Sets a provided entry permission to a specific entry.

If UserId is provided, sets a predefined role or a custom entry permission to this user.

or

If GroupId is provided, sets a predefined role or a custom entry permission to this group.

With a custom entryPermission:

$entryPermission = Get-HubEntryPermission -VaultId 12ac66eb-7caa-4866-b5fd-5bd59c7f657e -EntryId cf73b4ea-c1cd-4f53-9b53-f9277a108c56 -UserId 152c06cf-cce6-4116-97e1-34aadeab9984

$entryPermission.ViewPassword = $false;

Set-HubEntryPermission -VaultId 12ac66eb-7caa-4866-b5fd-5bd59c7f657e -EntryId cf73b4ea-c1cd-4f53-9b53-f9277a108c56 -UserId 152c06cf-cce6-4116-97e1-34aadeab9984 -EntryPermission $entryPermission

With a predefined role:

$entryRole = Get-HubEntryRole -RoleId 851f86f6-fe3b-4325-9b22-08c3b797e10c

Set-HubEntryPermission -VaultId 12ac66eb-7caa-4866-b5fd-5bd59c7f657e -EntryId cf73b4ea-c1cd-4f53-9b53-f9277a108c56 -GroupId 339d1c22-c01b-47ff-b812-74e34f23991f -PSEntryRole $entryRole

• RoleId

If RoleID is provided, retrieves the entry role by ID.

If RoleID is not provided, retrieves all entry roles.

• VaultID

$vaultid = "2d42cac4-3419-494e-aa2a-33b2fdf37a06"
$entries = Get-HubEntriesForExport -VaultId $vaultid