Password Safe CLI Application
What is the Password Safe CLI application?
The Password Safe Command Line Interface (CLI) Application is an efficient CLI tool specifically crafted to interface with the Beyond Insight and Password Safe APIs in version 24.3. This application allows users to access various API resources, including safes, folders, secrets, managed accounts, and more. It offers a user-friendly interface that simplifies command parsing, ensures input validation, and delivers detailed output.
How is it useful?
There are many benefits to using Password Safe CLI, including:
- Reliable and efficient backend operations - Password Safe CLI utilizes a robust backend logic for API calls, guaranteeing seamless and dependable interaction with BeyondInsight and Password Safe APIs. This allows users to concentrate on their tasks without the burden of navigating the complexities of API integration.
- Intuitive command-line interface - Crafted with simplicity and usability in mind, the CLI offers a user-friendly framework for executing commands. This design enables users of all experience levels to engage with the tool efficiently.
- Comprehensive help and documentation - Password Safe CLI has detailed help texts for all commands, ensuring that users have access to clear and actionable guidance. These texts are meticulously refined for clarity and effectiveness, making it easier for users to understand and utilize the tool’s features.
- Clear and actionable error handling - Password Safe CLI delivers meaningful error messages that assist users in quickly identifying and resolving issues. This approach minimizes frustration and downtime, ensuring smooth operation even when unexpected problems arise.
- Input validation - Input parameters undergo thorough validation for consistency and correctness, reducing errors and ensuring accurate command execution. Users can rely on the CLI to manage their inputs securely and effectively.
Available environment variables
Required
- PSCLI_API_URL - BeyondInsight and Password Safe API URL. This can be set in the settings file.
- PSCLI_CLIENT_ID - Client ID to use when requesting data from the API. This can be set in the settings file.
- PSCLI_CLIENT_SECRET - Client secret to use when requesting data from the API. This can be set in the settings file.
Optional
- PSCLI_SETTINGS_PATH - Custom settings path to use for ps-cli. By default, the settings file is created in the user's home directory (~).
- PSCLI_AUTH_RETRIES - The number of times ps-cli should attempt to authenticate in case of an error.
- PSCLI_TIMEOUT_CONNECTION - How long to wait for the server to connect and send data before giving up. Integer value defined in seconds, by default 30 seconds.
- PSCLI_TIMEOUT_REQUEST - How long to wait for each request made to the API. Defined in seconds, by default 30 seconds.
- PSCLI_VERIFY_CA- Set to false to disable SSL certificate verification (useful for self-signed certificates). By default, SSL verification is enabled for secure connections.
Prerequisites
- Python 3.12+
- Password Safe version 24.3
Installation
Using the Python Package Index (PyPI): https://pypi.org/project/beyondtrust-bips-cli/
pip install beyondtrust-bips-cli
Ensure that ps-cli is properly installed:
ps-cli -h
# Output usage instructions
# usage: ps-cli [-h] [-v] [-l {DEBUG,INFO,WARNING,ERROR,CRITICAL}] [--format {json,csv,tsv}] [--delimiter {,,;, ,|, }]
# [-av {3.0,3.1}]
# {safes,folders,secrets,settings} ...
Configuration
Once ps-cli is properly installed in your system, generate the default pscli-settings.ini using this command:
ps-cli settings initialize-settings
By default, the settings file is created in the user's home directory (~). To specify a custom path for the settings, set the _PSCLI_SETTINGS_PATH _environment variable.
After creating the settings file, edit it and configure api_url, client_id, and client_secret.
Usage
In every service or command, you can request assistance by using the help option (-h). This provides you with detailed information about the command's functionality, as well as its required options and arguments.
The ps-cli offers three distinct output formats: TSV (which is the default), CSV, and JSON. To specify your preferred format, utilize the --format option in the ps-cli command:
ps-cli --format JSON {service} {command} {options}
You can adjust the verbosity level to receive more detailed information about the command being executed. To do this, use the -v option when calling the ps-cli:
ps-cli -v {service} {command} {options}
Available services and commands
To view the most up-to-date list of available services, use ps-cli -h.
To view the most up-to-date list of available commands by service, use ps-cli {service} -h.
Current Services
Address Groups: Address groups management commands
To display the available commands for safes, use:
ps-cli address-groups -h
Output:
create-address-group (create)
Creates a new Address Group.
delete-address-group (delete)
Deletes an Address Group by ID.
get-address-group (get)
Returns an Address Group by name or ID.
list-address-groups (list)
List the address groups.
update-address-group (update)
Updates an existing Address Group.
Retrieve an address group
To retrieve an address group by its ID and show output in JSON format, use:
ps-cli --format json address-groups get -id <INTEGER ID>
To retrieve an address group by its Name and show output in JSON format, use:
ps-cli --format json address-groups get -n <FULL NAME>
List address groups
To list address groups and show the output in JSON format, use:
ps-cli --format json address-groups list
Create an address group
To create a new Address Group and show the output in JSON format, use:
ps-cli --format json address-groups create -n <NAME>
Update an address group
To update an existing Address Group using its ID and show the response in JSON format, use:
ps-cli --format json address-groups update -n <NEW_NAME> -id <ADDRESS_GROUP_ID>
Delete an address group
To delete an address group by ID and show the response in JSON format, use:
ps-cli --format json address-groups delete -id <ADDRESS_GROUP_ID>
Safes: Commands for managing safes
To display the available commands for safes, use:
ps-cli safes -h
Output:
create-safe (create)
Creates a new Safe.
delete-safe (delete)
Deletes a Safe by ID.
get-safe (get) Returns a safe by ID.
list-safes (list) Returns all safes to which the current user has access.
update-safe (update)
Updates an exiging Safe using its ID.
Create a safe
To create a safe and show output in JSON format, use:
ps-cli --format json safes create -n <SAFE'S NAME> [-d <DESCRIPTION>]
Update a safe
To update a safe, use:
ps-cli safes update -n <NEW SAFE'S NAME> -id <SAFE GUID>
Retrieve a safe
To retrieve a safe using JSON format, use:
ps-cli --format json safes get -id <SAFE GUID>
List safes
To return all safes to which the current user has access and show output in JSON format, use:
ps-cli --format json safes list
Delete a safe
To delete a safe, use:
ps-cli safes delete -id <SAFE GUID>
Folders: Commands for managing folders
To display the available commands for folders, use:
ps-cli folders -h
Create folder
To create a folder, specify a parent folder or a safe location, along with the name of the folder being created, use:
ps-cli folders create -pid <folder or safe GUID> -n <FolderName>
You can view all available options to create secrets by using the help command associated with the create function: ps-cli folders create -h.
List folders
You can retrieve a list of folders and apply filters to customize your results using the following options:
- -p or --path to filter by path
- -n or --name to filter by the partial name of the folder
- -l or --limit to specify the maximum number of results
- -o or --offset to set the starting point for the results
- -oi or --owner-id to filter results by the folders which are owned by the given owner ID
- -ro or --root-only to display the results only including those folders at the root level
- -sor --include-subfolders indicate whether to include the subfolders.
ps-cli --format json folders list [-o offset] [-l limit] [-oi owner_id] [-p path] [-n name]
Delete a folder
To delete a folder by ID, use:
ps-cli folders delete -id <FOLDER GUID>
To delete a folder by name, use:
ps-cli folders delete -n <FOLDER Name>
If several folders match the name, then the delete operation cannot be completed.
Get a folder
To return a Secrets Safe folder by ID or folder name, use:
ps-cli folders get [-id <FOLDER GUID>] [-n <FOLDER Name>]
Secrets: Commands for managing secrets
To display the available commands for secrets, use:
ps-cli secrets -h
Create secret
Based on the options specified in the secrets create command, you can generate a credential, text, or file secret.
You can view all available options for creating secrets by using the help command associated with the create function: ps-cli secrets create -h.
Credential secret
To create a credential secret, you must use --username and --password, among other options, such as --owner-type (-ot) and --owners (-o):
ps-cli secrets create --username <USERNAME> --password <PASSWORD> -t <SECRET TITLE> -fid <FOLDER_GUID> --owner-type <User|Group> --owners <OWNER ID>
Text secret
To create a text secret, you must use the --text option:
ps-cli secrets create --text "<TEXT FOR SECRET>" -t <SECRET TITLE> -fid <FOLDER_GUID> -ot <User|Group> -o <OWNER ID>
File secret
To create a file secret, you must use the --file-path option:
ps-cli secrets create --file-path <PATH TO FILE> -t <SECRET TITLE> -fid <FOLDER_GUID> --owner-type <User|Group> --owners <OWNER ID>
Update a secret
Credential secret
Updating a credential secret is similar to its creation. The main difference is that secret GUID (-sid) must be provided in the command:
ps-cli -v secrets update -sid <SECRET GUID> -fid <FOLDER GUID> -t <SECRET TITLE> --username <USERNAME> --password <PASSWORD> --owner-type <User|Group> --owners <OWNER ID>
List secrets
You can retrieve a list of secrets and apply filters to customize your results using the following options:
- -t or --title to filter by title
- -p or --path to filter by path
- -l or --limit to specify the maximum number of results
- -o or --offset to set the starting point for the results
For further details, you can use the command ps-cli secrets list -h.
ps-cli secrets list -t <SECRET FULL TITLE>
Get a secret
You can return a secret by ID or title.
To retrieve a secret by GUID, use:
ps-cli secrets get -id <SECRET GUID>
To retrieve a secret by Title, use:
ps-cli secrets get -t <SECRET FULL TITLE>
Delete a secret
To delete a secret, provide the secret GUID (-id):
ps-cli secrets delete -id <SECRET GUID>
Download a secret file
To get a secret file as an attachment based on secretId, if save-to-path is provided, then the file is saved in that location.
ps-cli secrets download -id <SECRET GUID> [-s <SAVE_TO_PATH>]
Settings: Management commands for PS CLI settings
Refresh settings
Update the .ini file with the latest structure. If a new setting has been added, it is included.
ps-cli settings refresh-settings
Update single setting
The update-setting -s command allows you to update a single value or setting of a specific key in a given section of the settings file. If the section does not exist, it is created. If the key does not exist in the section, it is added with the provided value.
ps-cli settings update-setting -s <SECTION> -k <KEY> -v <VALUE>
Assets: Asset management commands.
Assign attribute
To assign an attribute to an asset using the asset ID, use:
ps-cli assets assign-attribute -id <ASSET_ID> -aid <ATTRIBUTE_ID>
To assign an attribute to an asset using the asset name and Workgroup name, use:
ps-cli assets assign-attribute -an <ASSET_NAME> -wgn <WORKGROUP_NAME> -aid <Attribute ID>
To assign an attribute to an asset using the asset name and Workgroup ID, use:
ps-cli assets assign-attribute -an <ASSET_NAME> -wgi <WORKGROUP_ID> -aid <Attribute ID>
Create an asset
To create a new asset in the Workgroup, either WORKGROUP ID or WORKGROUP NAME is required:
ps-cli assets create -ip <IP_ADDRESS> [-os <OPERATING_SYSTEM>] [-d <DESCRIPTION>] [-t <ASSET_TYPE>] [-mac <MAC_ADDRESS>] [-domain <DOMAIN_NAME>] [-dns DNS_NAME] [-n <ASSET_NAME>] [-wgi <WORKGROUP_ID>] [-wgn <WORKGROUP_NAME>]
Delete an asset
To delete an existing asset by Asset ID, use:
ps-cli assets delete-attribute -aid <ATTRIBUTE_ID> -id <ASSET_ID>
To delete an attribute from an asset by Asset Name and Workgroup ID, use:
ps-cli assets delete-attribute -aid <ATTRIBUTE_ID> -wgi <WORKGROUP_ID> -an <ASSET_NAME>
To delete an attribute from an asset by Asset Name and Workgroup Name, use:
ps-cli assets delete -n <ASSET_NAME> -wgn <WORKGROUP_NAME>
Delete an asset attribute
To delete an attribute's asset using Asset ID, use:
ps-cli assets delete-attribute -aid <ATTRIBUTE_ID> -id <ASSET_ID>
To delete an attribute's asset using Asset Name and Workgroup ID, use:
ps-cli assets delete-attribute -aid <ATTRIBUTE_ID> -wgi <WORKGROUP_ID> -an <ASSET_NAME>
Get an asset by ID
To return an asset by Asset ID (-id), use:
ps-cli assets get-by-id -id ASSET_ID
Get an asset by its name and Workgroup’s ID or Name
To return an asset by workgroup name or ID (-wgn | -wgi) and asset name (-an), use:
ps-cli assets get-by-wg -an ASSET_NAME [-wgi <WORKGROUP_ID>] [-wgn <WORKGROUP_NAME>]
List assets
To return a list of assets by Workgroup name (-wgn) or ID (-wgi), use:
ps-cli assets list [-wgi <WORKGROUP_ID>] [-wgn <WORKGROUP_NAME>] [-o <OFFSET>] [-l <LIMIT>]
List asset’s attributes
To return a list of assets by Asset ID, use:
ps-cli assets list-attributes -id <ASSET_ID>
To return a list of assets by Asset’s name by Workgroup name (-wgn) or ID (-wgi)), use:
ps-cli assets list-attributes -an ASSET_NAME [-wgi <WORKGROUP_ID>] [-wgn <WORKGROUP_NAME>]
List assets by Smart Rule
To return a list of assets by Smart Rule ID, use:
ps-cli assets list-by-sr -id <SMART_RULE_ID> [-o <OFFSET>] [-l <LIMIT>]
To return a list of assets by Smart Rule title, use:
ps-cli assets list-by-sr -t <TITLE> [-o <OFFSET>] [-l <LIMIT>]
Search assets
Returns a list of assets that match the given search options. At least one search option should be provided; any property not provided is ignored. All search criteria is case insensitive and is an exact match, except for IP Address:
ps-cli assets search [-t <ASSET_TYPE>] [-mac <MAC_ADDRESS>] [-ip <IP_ADDRESS>] [-domain <DOMAIN_NAME>] [-dns <DNS_NAME>] [-n <ASSET_NAME>] [-o <OFFSET>] [-l <LIMIT>]
Update an asset
To update an existing asset by Asset’s ID, use:
ps-cli assets update -id <ASSET_ID> [-os <OPERATING_SYSTEM>] [-d <DESCRIPTION>] [-t <ASSET_TYPE>] [-mac <MAC_ADDRESS>] [-domain <DOMAIN_NAME>] [-dns <DNS_NAME>] [-n <ASSET_NAME>] [-ip <IP_ADDRESS>] [-pn <PREV_ASSET_NAME>] [-wgi <WORKGROUP_ID>] [-wgn <WORKGROUP_NAME>]
To set a new workgroup, use -wgi / -wgn options.
To update an existing asset by Asset’s name and Workgroup's name, use:
ps-cli assets update -n <ASSET_NAME> -pwgn <PREV_WORKGROUP_NAME>> [-os <OPERATING_SYSTEM>] [-d <DESCRIPTION>] [-t <ASSET_TYPE>] [-mac <MAC_ADDRESS>] [-domain <DOMAIN_NAME>] [-dns <DNS_NAME>] [-ip <IP_ADDRESS>] [-pn <PREV_ASSET_NAME>] [-wgi <WORKGROUP_ID>] [-wgn <WORKGROUP_NAME>] [-pwgi <PREV_WORKGROUP_ID>]
To set a new workgroup, use -wgi or -wgn .
To identify the asset using the workgroup Name, use -pwgn.
To update an existing asset by Asset’s name and Workgroup's ID, use:
ps-cli assets update -n <ASSET_NAME> [-pwgi <PREV_WORKGROUP_ID>] [-os <OPERATING_SYSTEM>] [-d <DESCRIPTION>] [-t <ASSET_TYPE>] [-mac <MAC_ADDRESS>] [-domain <DOMAIN_NAME>] [-dns <DNS_NAME>] [-ip <IP_ADDRESS>] [-pn <PREV_ASSET_NAME>] [-wgi <WORKGROUP_ID>] [-wgn <WORKGROUP_NAME>]
To set a new workgroup, use -wgi or -wgn .
To identify the asset using the workgroup ID, use -pwgi.
Organizations: Organizations management commands
Retrieve an organization
To retrieve an organization by its ID and show output in JSON format, use:
ps-cli --format json organizations get -id <GUID>
To retrieve an organization by its Name in JSON format, use:
ps-cli --format json organizations get -n <FULL NAME>
List organizations
To return a list of organizations to which the current user has permission and show output in JSON format, use:
ps-cli --format json organizations list
Managed Accounts: Managed Accounts management commands
To display the available commands for Managed Systems, use:
ps-cli managed-accounts -h
Get a Managed Account
To return a managed account by ID, use:
ps-cli --format json managed-accounts get -id <ACCOUNT_ID>
To return a managed accounts as a list by searching by Account and System's name, use:
ps-cli --format json managed-accounts get -sn <SYSTEM_NAME> -an <ACCOUNT_NAME>
List Managed Accounts by Managed System ID
To return a list of managed accounts by managed system ID and show output in JSON format, use:
ps-cli --format json managed-accounts list -id <MANAGED_SYSTEM_ID>
List Managed Accounts by Quick Rule
To list managed accounts by Quick Rule's ID, use:
ps-cli --format json managed-accounts list-by-qr -id <QUICK_RULE_ID>
To list managed accounts by Quick Rule's Title, use:
ps-cli --format json managed-accounts list-by-qr -t <QUICK_RULE_TITLE>
List Managed Accounts by Smart Rule
To list managed accounts by Smart Rule's ID and show output in JSON format, use:
ps-cli --format json managed-accounts list-by-sr -id <SMART_RULE_ID>
List managed accounts by Smart Rule Title
To list managed accounts by Smart Rule's Title, use:
ps-cli managed-accounts list-by-sr -t <SMART_RULE_TITLE>
Create a managed account in specified managed system
To create a managed account in a specified managed system, use:
ps-cli managed-accounts create-managed-account [-h] [-oid OBJECT_ID] [-cscf] [-cdcf] [-ccpf] [-cwal] [-wgid WORKGROUP_ID] [-riapf] [-ciapf] [-uoc] [-ncd NEXT_CHANGE_DATE] [-ct CHANGE_TIME] [-cfd CHANGE_FREQUENCY_DAYS] [-cft CHANGE_FREQUENCY_TYPE] [-cpafr] [-rpf] [-cpf] [-dsamf] [-amf] [-mcr MAX_CONCURRENT_REQUESTS] [-isard ISA_RELEASE_DURATION] [-mrd MAX_RELEASE_DURATION] [-rd RELEASE_DURATION] [-ctf] [-rsf] [-csf] [-rne RELEASE_NOTIFICATION_EMAIL] [-ae] [-prid PASSWORD_RULE_ID] [-d DESCRIPTION] [-laf] [-pbf] [-pp PASSPHRASE] [-pk PRIVATE_KEY] [-dnm DISTINGUISHED_NAME] [-sam SAM_ACCOUNT_NAME] [-upn USER_PRINCIPAL_NAME] [-dn DOMAIN_NAME] [-p PASSWORD] -an ACCOUNT_NAME -s SYSTEM_ID
Assign an attribute to a managed account
To assign an attribute to a managed account, use:
ps-cli managed-accounts assign-attribute -aid <ATTRIBUTE_ID> -id <MANAGED_ACCOUNT_ID>
Delete an attribute to a managed account
To delete an attribute to a managed account, use:
ps-cli managed-accounts delete-attribute -aid <ATTRIBUTE_ID> -id <MANAGED_ACCOUNT_ID>
Delete all attributes of a managed account
To delete all attributes of a managed account, use:
ps-cli managed-accounts delete-all-attributes -id <MANAGED_ACCOUNT_ID>
Delete a managed account by ID
To delete a managed account by ID, use:
ps-cli managed-accounts delete -id <MANAGED_ACCOUNT_ID>
Managed Systems: Managed Systems management commands
To display the available commands for Managed Systems, use:
ps-cli managed-systems -h
Output:
usage: ps-cli managed-systems [-h]
{create-managed-system-by-asset,create-managed-system-by-database-id,create-managed-system-by-workgroup,delete-managed-system-by-id,get-managed-system-by-asset,get-managed-system-by-database-id,get-managed-system-by-functional-account-id,get-managed-system-by-id,get-managed-system-by-workgroup-id,list-managed-systems,update-managed-system-by-id}
...
Works with Secrets Safe Managed Systems - Create, Update, Get, or Delete
Requires Password Safe Secrets Safe License.
Requires Password Safe SecretsSafe Read for Get, Read/Write for all others.
options:
-h, --help show this help message and exit
subcommands:
Subcommands available for managed-systems
{create-managed-system-by-asset,create-managed-system-by-database-id,create-managed-system-by-workgroup,delete-managed-system-by-id,get-managed-system-by-asset,get-managed-system-by-database-id,get-managed-system-by-functional-account-id,get-managed-system-by-id,get-managed-system-by-workgroup-id,list-managed-systems,update-managed-system-by-id}
create-managed-system-by-asset
Creates a new Managed System using the asset ID.
create-managed-system-by-database-id
Creates a new Managed System using the database ID.
create-managed-system-by-workgroup
Creates a new Managed System using the workgroup ID or name. If both workgroup ID and name are provided, the ID will be used. If
neither is provided, an error will be raised.
delete-managed-system-by-id
Deletes a Managed System by ID.
get-managed-system-by-asset
Returns a Managed System by Asset ID or Asset Name.
get-managed-system-by-database-id
Returns a Managed System by Database ID.
get-managed-system-by-functional-account-id
Returns a list of managed systems auto-managed by the functional account referenced by ID.
get-managed-system-by-id
Returns a Managed System by ID.
get-managed-system-by-workgroup-id
Returns a list of managed systems by the workgroup referenced by ID.
list-managed-systems
Returns a list of Managed Systems to which the current user has access.
update-managed-system-by-id
Updates a Managed System by ID.
List Managed Systems
To list all managed systems that the user has access to and show output in JSON format, use, where:
-t or --type. The type of managed system to get.
-n or --name. The name of the managed system.
-l or --limit. Limit the results. Default is 100000.
-o or --offset. Records to skip before returning results (use with limit).
ps-cli --format json managed-systems list-managed-systems [-t <TYPE>] [-n <NAME>] [-l <LIMIT>] [-o <OFFSET>]
Get Managed System by ID
To return a managed system searching by ID (-id) and show output in JSON format, use:
ps-cli --format json managed-systems get-managed-system-by-id
Get Managed System by Asset
To return a Managed System by Asset ID or Asset Name and show output in JSON format, use:
ps-cli --format json managed-systems get-managed-system-by-asset
Get Managed System by Database ID
To return a Managed System by Database ID and show output in JSON format, use:
ps-cli --format json managed-systems get-managed-system-by-database-id
Get Managed System by Functional Account ID
To return a list of managed systems auto-managed by the functional account referenced by ID and show output in JSON format, use:
ps-cli --format json managed-systems get-managed-system-by-functional-account-id
Get Managed System by Workgroup ID
To return a list of managed systems by the workgroup referenced by ID and show output in JSON format, use:
ps-cli --format json managed-systems get-managed-system-by-workgroup-id
Create a Managed System by Asset
To create a new Managed System using the asset reference, which could be asset ID or asset name with workgroup name, and show output in JSON format, use:
ps-cli --format json managed-systems create-managed-system-by-asset
Create a Managed System by Database ID
To create a new Managed System using the database ID and show output in JSON format, use:
ps-cli --format json managed-systems create-managed-system-by-database-id
Create a Managed System by Workgroup
To create a new Managed System using the workgroup ID or name and show output in JSON format, use:
ps-cli --format json managed-systems create-managed-system-by-workgroup
Delete Managed System by ID
To delete a Managed System by ID, use:
ps-cli --format json managed-systems delete-managed-system-by-id
Update Managed System by ID
To update a Managed System by ID and show output in JSON format, use:
ps-cli --format json managed-systems update-managed-system-by-id
Workgroups: Workgroup management commands
To display the available commands for Workgroups, use:
ps-cli workgroups -h
Output:
usage: ps-cli workgroups [-h] {create-workgroup,get-workgroup,list-workgroups} ...
Works with Secrets Safe Workgroups - Create, Update, Get, or Delete
Requires Password Safe Secrets Safe License.
Requires Password Safe SecretsSafe Read for Get, Read/Write for all others.
options:
-h, --help show this help message and exit
subcommands:
Subcommands available for workgroups
{create-workgroup,get-workgroup,list-workgroups}
create-workgroup Creates a new Workgroup.
get-workgroup Returns a Workgroup by name or id.
list-workgroups Returns a list of Workgroups to which the current user has access.
List Workgroups
To list all workgroups that the user has access to and show output in JSON format, use:
ps-cli --format json workgroups list-workgroups
Get Workgroup
To return a Workgroup by name or id and show output in JSON format, use:
ps-cli --format json workgroups get-workgroup
Create a Workgroup
To create a new Workgroup and show output in JSON format, use:
ps-cli --format json workgroups create-workgroup
Keystrokes: Keystroke management commands
To display the available commands for Keystrokes, use:
ps-cli keystrokes -h
Output:
usage: ps-cli keystrokes [-h] {get-keystroke,get,get-keystrokes-by-session,by-session,search-keystrokes,search} ...
Returns a list of Keystrokes, a single keystroke, or search keystrokes.
Requires Password Safe Auditor or ISA Role on an Asset, or
member of BeyondInsight Administrators group.
options:
-h, --help show this help message and exit
subcommands:
Subcommands available for keystrokes
{get-keystroke,get,get-keystrokes-by-session,by-session,search-keystrokes,search}
get-keystroke (get)
Returns a keystroke by ID.
get-keystrokes-by-session (by-session)
Returns all keystrokes for a specific session ID.
search-keystrokes (search)
Searches keystrokes by data and type.
Get keystrokes
To return a keystroke by ID, use:
ps-cli keystrokes get -id <KEYSTROKE_ID>
Get keystrokes by Session
To get keystrokes by Session, use:
ps-cli keystrokes by-session -id <SESSION_ID>
Search keystrokes
To search keystrokes by data and type, use:
ps-cli keystrokes search -d <KEYWORDS_TO_SEARCH> [-t <TYPE>]
Databases: Database management commands
To display the available commands for Databases, use:
ps-cli databases -h
Output:
usage: ps-cli databases [-h]
{create-database-by-asset-id,delete-database-by-id,get-database-by-id,get-databases-by-asset,list-databases,update-database-by-id}
...
Controller for managing databases.
Requires Password Safe Secrets Safe License.
Requires Password Safe SecretsSafe Read for Get, Read/Write for all others.
options:
-h, --help show this help message and exit
subcommands:
Subcommands available for databases
{create-database-by-asset-id,delete-database-by-id,get-database-by-id,get-databases-by-asset,list-databases,update-database-by-id}
create-database-by-asset-id
Creates a new database by asset ID.
delete-database-by-id
Deletes a database by ID.
get-database-by-id Returns a database by ID.
get-databases-by-asset
Returns a list of databases by asset ID or name.
list-databases Returns all databases to which the current user has access.
update-database-by-id
Updates a database by ID.
List Databases
To list all databases that the user has access to and show output in JSON format, use:
ps-cli --format json databases list-databases
Get Database by ID
To return a database by ID and shows output in JSON format, use:
ps-cli --format json databases get-database-by-id -d-id <DATABASE_ID>
Get Database by Asset
To return a list of databases by asset ID or name and shows output in JSON format, use:
ps-cli --format json databases get-databases-by-asset [-a-id <ASSET_ID>] [-a-name <ASSET_NAME>]
Created Database by Asset ID
To create a new database by asset ID and shows output in JSON format, use:
ps-cli --format json databases create [-h] [-t TEMPLATE] [-v VERSION] [-is-def-inst] [-in INSTANCE_NAME] -p PORT -p-id PLATFORM_ID -a-id ASSET_ID
Update Database by ID
To update a database by ID and shows output in JSON format, use:
ps-cli --format json databases update [-h] [-t TEMPLATE] [-v VERSION] [-p PORT] [-is-def-inst] [-in INSTANCE_NAME] -p-id PLATFORM_ID -d-id DATABASE_ID
Delete Database by ID
To delete a database by ID, use:
ps-cli --format json databases delete-database-by-id -d-id <DATABASE_ID>
Entitlements: Entitlements management commands
To display the available commands for Entitlement, use:
ps-cli entitlements -h
List entitlements
To return user entitlements, use:
ps-cli --format json entitlements list
List entitlements using GroupID, use:
To return user entitlements using GroupID, use:
ps-cli --format json entitlements list -g <GROUP_IDS ...>
# i.e.: ps-cli --format json entitlements list -g 4 5
# i.e.: ps-cli --format json entitlements list -g 4 -g 5
Entity Types: Entity Types management commands
List Entity Types
To return a list of entity types, use:
ps-cli entity-types list -h
ISA Requests
Create ISA request
To create a new Information Systems Administrator (ISA) release request and return the requested credentials, use:
ps-cli isa-requests create -a <ACCOUNT_ID> -s <SYSTEM_ID> [-r <REASON>] [-d <DURATION_MINUTES>]
Platforms: Platforms management commands
List platforms
To return a list of platforms for managed systems, use:
ps-cli platforms list
List by entity type
To return a list of platforms by entity type ID, use:
ps-cli platforms list-by-et -id <ENTITY_TYPE_ID>
Get a platform
To return a platform by ID, use:
ps-cli platforms get -id <PLATFORM_ID>
Functional Accounts: Functional Accounts management commands
To display a list of available commands for Functional Accounts, use:
ps-cli functional-accounts -h
Get a functional account
To return a functional account by ID and show response in JSON format, use:
ps-cli --format json functional-accounts get -id <ACCOUNT_ID>
To return a functional account by searching by name and show response in JSON format, use:
ps-cli --format json functional-accounts get -n <NAME>
List functional accounts
To return a list of functional accounts and show response in JSON format, use:
ps-cli --format json functional-accounts list
Create a functional account in a specified platform
To create a functional account in a specified platform, use:
ps-cli functional-accounts create -n <ACCOUNT_NAME> -p <PLATFORM_ID> [-ai <AZURE_INSTANCE>] [-sae <SERVICE_ACCOUNT_EMAIL] [-s <SECRET>] [-oid <OBJECT_ID>] [-tid <TENANT_ID>] [-ec <ELEVATION_COMMAND>] [-pp <PASSPHRASE>] [-pk <PRIVATE_KEY>] [-pwd <PASSWORD>] [-dom <DOMAIN_NAME>] [-desc <DESCRIPTION>] [-d DISPLAY_NAME>]
Delete a functional account by ID
To delete a functional account by ID, use:
ps-cli functional-accounts delete -id <FUNCTIONAL_ACCOUNT_ID>
Password Rules: Password Rules reading functionality commands
To display a list of available commands for Password Rules, use:
ps-cli password-rules -h
Get a password rule
To return a password rule by ID and show the output in JSON format, use:
ps-cli --format json password-rules get [-h] -id RULE_ID
List a password rule
To return a list of password rules and show the output in JSON format, use:
ps-cli --format json password-rules list
List of password rules for an enabled product
To return a list of password rules, with an optional parameter to return polices enabled for Password Safe or Secrets Safe and show the output in JSON format, use:
ps-cli --format json password-rules list-ep [-h] [-n {PasswordSafe,SecretsSafe}]
Users: User management commands
To display a list of available commands for Users, use:
ps-cli users -h
Output:
usage: ps-cli users [-h]
{create-user-active-directory,create-user-ad,create-user-app,create-user-beyond-insight,create-user-bi,create-user-by-user-group-id,create-user-ldap,delete-user,get-user-by-id,get-users-by-user-group-id,list-users,quarantine-user,recycle-client-secret,update-user-application,update-user-app,update-user-beyond-insight,update-user-bi}
...
Works with Secrets Safe users - Create, Update, Get, or Delete
Requires Password Safe Secrets Safe License.
Requires Password Safe SecretsSafe Read for Get, Read/Write for all others.
options:
-h, --help show this help message and exit
subcommands:
Subcommands available for users
{create-user-active-directory,create-user-ad,create-user-app,create-user-beyond-insight,create-user-bi,create-user-by-user-group-id,create-user-ldap,delete-user,get-user-by-id,get-users-by-user-group-id,list-users,quarantine-user,recycle-client-secret,update-user-application,update-user-app,update-user-beyond-insight,update-user-bi}
create-user-active-directory (create-user-ad)
Creates a new user with UserType "ActiveDirectory".
create-user-app Creates a new user with UserType "Application".
create-user-beyond-insight (create-user-bi)
Creates a new user with UserType "BeyondInsight".
create-user-by-user-group-id
Creates a new user by User Group ID.
create-user-ldap Creates a new user with UserType "LDAP".
delete-user Deletes a user by ID.
get-user-by-id Returns a user by ID.
get-users-by-user-group-id
Returns a list of users by User Group ID.
list-users Returns a list of users to which the current user has access.
quarantine-user Quarantines a user by ID.
recycle-client-secret
Recycles a client secret for a user by ID.
update-user-application (update-user-app)
Updates a user with UserType "Application".
update-user-beyond-insight (update-user-bi)
Updates a user with UserType "BeyondInsight".
Create a user with type "ActiveDirectory"
To create a new user with the UserType "Active Directory" and show output in JSON format, use:
ps-cli --format json users create-user-active-directory -u-na <USER_NAME> [-fo-na <FOREST_NAME>] [-do-na <DOMAIN_NAME>] [-b-user <BIND_USER_NAME>] [-b-pa <BIND_PASSWORD>] [-ssl <USE_SSL>]
Create a User with type "Application"
To create a new user with the UserType "Application" and show output in JSON format, use:
ps-cli -v --format json users create-user-app -u-na <USER_NAME> [-acc-po <ACCESS_POLICY_ID>]
ps-cli -v --format json users create-user-app -u-na <USER_NAME> [-acc-po <ACCESS_POLICY_ID>]
Create a User with type “BeyondInsight”
To create a new user with the UserType "BeyondInsight" and show output in JSON format, use:
ps-cli -v --format json users create-user-beyond-insight -n <USER_NAME> -u-email <USER_EMAIL> -p <PASSWORD> -fn <USER_FIRST_NAME> [-u-l-na <USER_LAST_NAME>]
Create a User with User Group ID
To create a new user with User Group ID and show output in JSON format, use:
ps-cli -v --format json users create-user-by-user-group-id -u-gr-id <USER_GROUP_ID> -u-n <USER_NAME> -u-email <USER_EMAIL> -p <PASSWORD> -u-f-na <USER_FIRST_NAME> [-u-l-na <USER_LAST_NAME>]
Create a User with type “LDAP”
To create a new user with the UserType "LDAP" and show output in JSON format, use:
ps-cli -v --format json users create-user-ldap -h-na <HOST_NAME> -d-na <DISTINGUISHED_NAME> -a-na-attr <ACCOUNT_NAME_ATTRIBUTE> [-b-user <BIND_USER_NAME>] [-b-pa <BIND_PASSWORD>] [-p <PORT>] [-ssl]
Delete a user by ID
To delete a user by ID, use:
ps-cli -v --format json users delete-user -u-id <USER_ID>
Get User by ID
To return a user by ID, and shows output in JSON format, use:
ps-cli -v --format json users get-user-by-id -u-id <USER_ID>
Get Users by User Group ID
To return a list of users by User Group ID and show output in JSON format, use:
ps-cli -v --format json users get-users-by-user-group-id -id <USER_GROUP_ID>
List Users
To return a list of users to which the current user has access and show output in JSON format, use:
ps-cli -v --format json users list-users [-u <USERNAME>] -i [<INCLUDE_INACTIVE>]
Quarantine User
To quarantine a user by ID and show output in JSON format, use:
ps-cli -v --format json users quarantine-user -u-id <USER_ID>
Recycles Client Secret
To recycle a client secret for a user by ID and show output in JSON format, use:
ps-cli -v --format json users recycle-client-secret -u-id <USER_ID>
Update User Application
To update a user with UserType "Application" and show output in JSON format, use:
ps-cli -v --format json users update-user-application -u-id <USER_ID> -u-na <USER_NAME> [-acc-po <ACCESS_POLICY_ID>]
Update User Beyond Insight
To update a user with UserType "BeyondInsight" and show output in JSON format, use:
ps-cli -v --format json users update-user-beyond-insight -u-id <USER_ID> -u-n <USER_NAME> -p <PASSWORD> [-u-f-na <USER_FIRST_NAME>] [-u-l-na <USER_LAST_NAME>] [-u-email <USER_EMAIL>]
UserGroups: UserGroups management commands
To display a list of available commands for UserGroups, use:
ps-cli usergroups -h
Output:
usage: ps-cli usergroups [-h]
{create-usergroup-active-directory,create-usergroup-ad,create-usergroup-beyond-insight,create-usergroup-bi,create-usergroup-entraid,create-usergroup-entra,create-usergroup-ldap,delete-usergroup,get-usergroup,list-usergroups}
...
Works with Secrets Safe Usergroups - Create, Update, Get, or Delete
Requires Password Safe Secrets Safe License.
Requires Password Safe SecretsSafe Read for Get, Read/Write for all others.
options:
-h, --help show this help message and exit
subcommands:
Subcommands available for usergroups
{create-usergroup-active-directory,create-usergroup-ad,create-usergroup-beyond-insight,create-usergroup-bi,create-usergroup-entraid,create-usergroup-entra,create-usergroup-ldap,delete-usergroup,get-usergroup,list-usergroups}
create-usergroup-active-directory (create-usergroup-ad)
Creates a new Usergroup with UserType "ActiveDirectory".
create-usergroup-beyond-insight (create-usergroup-bi)
Creates a new Usergroup with UserType "BeyondInsight".
create-usergroup-entraid (create-usergroup-entra)
Creates a new Usergroup with UserType "ActiveDirectory".
create-usergroup-ldap (create-usergroup-ldap)
Creates a new Usergroup with UserType "LDAP".
delete-usergroup (delete-usergroup)
Deletes a Usergroup by ID or name.
get-usergroup Returns a usergroup by ID or name.
list-usergroups Returns a list of Usergroups to which the current user has access.
Create Usergroup ActiveDirectory
To create a new Usergroup with UserType "ActiveDirectory" and show output in JSON format, use:
ps-cli -v --format json usergroups create-usergroup-active-directory -n <USERGROUP_NAME> -d-na <DOMAIN_NAME> -d <DESCRIPTION> [-fo-na <FOREST_NAME>] [-b-user <BIND_USER_NAME>] [-b-pa <BIND_PASSWORD>] [-ssl "USE_SSL_FLAG"] [-non-act "NON_ACTIVE_FLAG"] [-e-g-s "EXCLUDE_FROM_GLOBAL_SYNC_FLAG"] [-o-g-s "OVERRIDE_GLOBAL_SYNC_SETTINGS_FLAG"] [-perm "{'PermissionID': <ID>, 'AccessLevelID': <ID>}"] [-s-rules "{'SmartRuleID': <ID>, 'AccessLevelID': <ID>}"] [-app-r-ids <APPLICATION_REGISTRATION_ID>]
Create Usergroup BeyondInsight
To create a new Usergroup with UserType "BeyondInsight" and show output in JSON format, use:
ps-cli -v --format json usergroups create-usergroup-beyond-insight -n <USERGROUP_NAME> -d <DESCRIPTION> [-non-act "NON_ACTIVE_FLAG"] [-perm "{'PermissionID': <ID>, 'AccessLevelID': <ID>}"] [-s-rules "{'SmartRuleID': <ID>, 'AccessLevelID': <ID>}"] [-app-r-ids <APPLICATION_REGISTRATION_ID>]
Create Usergroup EntraId
To create a new Usergroup with UserType "EntraId" and show output in JSON format, use:
ps-cli -v --format json usergroups create-usergroup-entraid -n <USERGROUP_NAME> -d <DESCRIPTION> -c-id <CLIENT_ID> -c-secret <CLIENT_SECRET> -t-id <TENANT_ID> [-a-i <AZURE_INSTANCE>] [-non-act "NON_ACTIVE_FLAG"] [-perm "{'PermissionID': <ID>, 'AccessLevelID': <ID>}"] [-s-rules "{'SmartRuleID': <ID>, 'AccessLevelID': <ID>}"] [-app-r-ids <APPLICATION_REGISTRATION_ID>]
Create Usergroup LDAP
To create a new Usergroup with UserType "LDAP" and show output in JSON format, use:
ps-cli -v --format json usergroups create-usergroup-ldap -n <USERGROUP_NAME> -g-d-n <GROUP_DISTINGUISHED_NAME> -h-n <HOST_NAME> -m-a <MEMBERSHIP_ATTRIBUTE> -a-attr <ACCOUNT_ATTRIBUTE> [-b-user <BIND_USER_NAME>] [-b-pa <BIND_PASSWORD>] [-p <PORT>] [-ssl "USE_SSL_FLAG"] [-non-act "NON_ACTIVE_FLAG"] [-perm "{'PermissionID': <ID>, 'AccessLevelID': <ID>}"] [-s-rules "{'SmartRuleID': <ID>, 'AccessLevelID': <ID>}"] [-app-r-ids <APPLICATION_REGISTRATION_ID>]
Delete Usergroup
To delete a Usergroup by ID or name and show output in JSON format, use:
ps-cli -v --format json usergroups delete-usergroup [-id <USERGROUP_ID>] [-n <USERGROUP_NAME>]
Get Usergroup
To return a Usergroup by ID or name and show output in JSON format, use:
ps-cli -v --format json usergroups get-usergroup [-id <USERGROUP_ID>] [-n <USERGROUP_NAME>]
List Usergroup
To return a list of Usergroups to which the current user has access and show output in JSON format, use:
ps-cli -v --format json usergroups list-usergroups
Roles: Roles commands
To list available Roles commands, use:
ps-cli roles list
User Group Roles: User Group Roles management commands
To display a list of available commands for user group roles, use:
ps-cli user-group-roles -h
Set user group roles
To set Password Safe roles for the user group and Smart Rule referenced by ID, use:
ps-cli user-group-roles set -sr SMART_RULE_ID -ug USER_GROUP_ID [-ap ACCESS_POLICY_ID] [-r [ROLES ...]]
Valid Roles by Smart Rule Type:
- Asset Smart Rules
- 4 - Information Security Administrator (ISA)
- 5 - Auditor
- Managed Account Smart Rules
- 1 - Requestor (requires AccessPolicyID)
- 2 - Approver
- 3 - Requestor & Approver (requires AccessPolicyID)
- 7 - Credentials Manager
- 8 - Recorded Session Reviewer
- 9 - Active Session Reviewer
For Managed Account Smart Rules, only one of Requestor (1), Approver (2), or Requestor & Approver (3) can be assigned per user group/smart rule combination.
Get user group roles
To return a list of roles for the user group and Smart Rule referenced by ID, use:
ps-cli user-group-roles get -sr SMART_RULE_ID -ug USER_GROUP_ID
Delete user group roles
To delete all Password Safe roles for the user group and Smart Rule referenced by ID, use:
ps-cli user-group-roles delete -sr SMART_RULE_ID -ug USER_GROUP_ID
Requests: Requests management commands
To display a list of available commands for Requests, use:
ps-cli requests -h
Output:
usage: ps-cli requests [-h]
{create-request,create,create-request-alias,create-request-set,create-request-sets,get-request-set,get-request-sets,list-requests,list,put-request-approve,approve-request,put-request-checkin,checkin-request,put-request-deny,deny,request-rotate-on-checkin,rotate-on-checkin,terminate-user-request,termination-managed-account-id,termination-managed-system-id}
...
Works with Secrets Safe Requests - Create, Update, Get, or Delete
Requires Password Safe Secrets Safe License.
Requires Password Safe SecretsSafe Read for Get, Read/Write for all others.
options:
-h, --help show this help message and exit
subcommands:
Subcommands available for requests
{create-request,create,create-request-alias,create-request-set,create-request-sets,get-request-set,get-request-sets,list-requests,list,put-request-approve,approve-request,put-request-checkin,checkin-request,put-request-deny,deny,request-rotate-on-checkin,rotate-on-checkin,terminate-user-request,termination-managed-account-id,termination-managed-system-id}
create-request (create)
Creates a new Request.
create-request-alias
Creates a new release request using an alias.
create-request-set (create-request-sets)
Creates a new Request Set.
get-request-set (get-request-sets)
Returns a list of Requests to which the current user has access.
list-requests (list)
Returns a list of Requests to which the current user has access.
put-request-approve (approve-request)
Approve a Request.
put-request-checkin (checkin-request)
Check-in a Request.
put-request-deny (deny)
Deny a Request.
request-rotate-on-checkin (rotate-on-checkin)
Updates a request to rotate the credentials on check-in/expiry.
terminate-user-request
Terminates a User Request.
termination-managed-account-id
Terminates a Managed Account Request.
termination-managed-system-id
Terminates a Managed System Request.
Create Request
To create a new Request and show output in JSON format, use:
ps-cli -v --format json requests create-request -s-id <MANAGED_SYSTEM_ID> -a-id <MANAGED_ACCOUNT_ID> -d <DURATION_MINUTES> [-app-id <APPLICATION_ID>] [-r <REASON>] [-a-type <ACCESS_TYPE>] [-a-p-id <ACCESS_POLICY_SCHEDULE_ID>] [-c-op <CONFLICT_OPTION>] [-t-sys-id <TICKET_SYSTEM_ID>] [-t-num <TICKET_NUMBER>] [-r-o-c "ROTATE_ON_CHECKIN_FLAG"]
Create Request Alias
To create a new release request using an alias and show output in JSON format, use:
ps-cli -v --format json requests create-request-alias -a-id <MANAGED_ACCOUNT_ALIAS_ID> -d <DURATION_MINUTES> [-r <REASON>] [-a-type <ACCESS_TYPE>] [-a-p-id <ACCESS_POLICY_SCHEDULE_ID>] [-c-op <CONFLICT_OPTION>] [-t-sys-id <TICKET_SYSTEM_ID>] [-t-num <TICKET_NUMBER>] [-r-o-c "ROTATE_ON_CHECKIN_FLAG"]
Create Request Sets
To create a new Request Set and show output in JSON format, use:
ps-cli -v --format json requests create-request-set -a-type <ACCESS_TYPES> -s-id <MANAGED_SYSTEM_ID> -a-id <MANAGED_ACCOUNT_ID> -d <DURATION_MINUTES> [-app-id <APPLICATION_ID>] [-r <REASON>] [-t-sys-id <TICKET_SYSTEM_ID>] [-t-num <TICKET_NUMBER>]
Get Request Sets
To return a list of Request Sets to which the current user has access and show output in JSON format, use:
ps-cli -v --format json requests get-request-set [-s <STATUS>]
List Requests
To return a list of Requests to which the current user has access and show output in JSON format, use:
ps-cli -v --format json requests list-requests [-s <STATUS>] [-q <QUEUE>]
Put Request Approve
To approve a Request, use:
ps-cli requests put-request-approve -r-id <REQUEST_ID> [-re <REASON>]
Put Request CheckIn
To check-in a Request, use:
ps-cli requests put-request-checkin -r-id <REQUEST_ID> [-re <REASON>]
Put Request Deny
To deny a Request, use:
ps-cli requests put-request-deny -r-id <REQUEST_ID> [-re <REASON>]
Request Rotate on Checkin
To update a request to rotate the credentials on check-in/expiry, use:
ps-cli requests request-rotate-on-checkin -r-id <REQUEST_ID>
Terminate User Request
To terminate a User Request, use:
ps-cli requests terminate-user-request -u-id <USER_ID> [-re <REASON>]
Termination Managed Account ID
To terminate a Managed Account Request, use:
ps-cli requests termination-managed-account-id -m-id <MANAGED_ACCOUNT_ID> [-re <REASON>]
Termination Managed System ID
To terminate a Managed System Request, use:
ps-cli requests termination-managed-system-id -s-id <MANAGED_SYSTEM_ID> [-re <REASON>]
Permissions: Permissions management commands
List permissions
To display a list of available permissions management commands, use:
ps-cli permissions list
List user group’s permissions
To return a list of permissions for an user group by ID or user group name, use:
ps-cli permissions get-usergroup-permissions [-name USERGROUP_NAME] [-id USERGROUP_ID]
Set user group’s permissions
To set permissions for the user group referenced by ID or name. The permissions should be provided in the format: "{ 'PermissionID': int, 'AccessLevelID': int }" "..."
ps-cli permissions set-usergroup-permissions -perm PERMISSIONS [PERMISSIONS ...] [-name USERGROUP_NAME] [-id USERGROUP_ID]
Delete all user group’s permissions
To delete all permissions for the user group referenced by ID or name, use:
ps-cli permissions delete-usergroup-permissions [-name USERGROUP_NAME] [-id USERGROUP_ID]
Access Policies: Access Policies management commands
List Password Safe access policies
To display a list of available access policies permissions, use:
ps-cli access-policies list
Tests an access policy:
To test an access policy against a managed system and account. Using managed system ID and account ID, or managed system name and account name, use:
ps-cli access-policies test [-d DURATION_MINUTES] [-a-name ACCOUNT_NAME] [-s-name SYSTEM_NAME]
To test an access policy against a managed system and account. Using managed system ID and account ID, use:
ps-cli access-policies test [-d DURATION_MINUTES] [-a-id ACCOUNT_ID] [-s-id SYSTEM_ID]
Credentials: Credentials management commands
To display a list of available commands for Credentials, use:
ps-cli credentials -h
Output:
usage: ps-cli credentials [-h] {get-credential-by-alias-id,get-by-alias-id,get-credential-by-request-id,get-by-request-id} ...
Works with Secrets Safe Credentials - Get by Request ID or Alias ID
Requires Password Safe Secrets Safe License.
Requires Password Safe SecretsSafe Read for Get, Read/Write for all others.
options:
-h, --help show this help message and exit
subcommands:
Subcommands available for credentials
{get-credential-by-alias-id,get-by-alias-id,get-credential-by-request-id,get-by-request-id}
get-credential-by-alias-id (get-by-alias-id)
Returns a credential by Alias ID and Request ID.
get-credential-by-request-id (get-by-request-id)
Returns a credential by Request ID.
Get Credentials by alias ID
To return a credential by Alias ID and Request ID and show output in JSON format, use:
ps-cli -v --format json credentials get-credential-by-alias-id -a <ALIAS_ID> -r <REQUEST_ID> [-t <TYPE_OF_CREDENTIALS>]
Get Credentials by Request ID
To return a credential by Request ID and show output in JSON format, use:
ps-cli -v --format json credentials get-credential-by-request-id -r <REQUEST_ID> [-t <TYPE_OF_CREDENTIALS>]
Access Levels: Access levels management commands
To display a list of available commands for Access levels, use:
ps-cli access-levels -h
Output:
usage: ps-cli access-levels [-h] {list-access-levels,list,set-access-level,set} ...
List or set Access Levels for Beyond Insight.
Requires Beyond Insight Role Management (Read).
options:
-h, --help show this help message and exit
subcommands:
Subcommands available for access-levels
{list-access-levels,list,set-access-level,set}
list-access-levels (list)
Returns a list of Password Safe access levels.
set-access-level (set)
Sets an access level for a usergroup and smart rule.
List Access Levels
To return a list of Access Levels for Beyond Insight and show output in JSON format, use:
ps-cli -v --format json access-levels list-access-levels
Set Access Level
To set an access level for a usergroup and smart rule and show output in JSON format, use:
ps-cli -v --format json access-levels set-access-level -u-g-id <USERGROUP_ID> -s-r-id <SMART_RULE_ID> -a-l-id <ACCESS_LEVEL_ID>
API Registrations: API Registrations management commands
To display a list of available commands for API Registration, use:
ps-cli api-registrations -h
Create an API Registration
To create a new API Registration, use:
ps-cli api-registrations create -type {apikeypolicy,apiaccesspolicy} -n NAME [-x-forwarded-for-rules X_FORWARDED_FOR_AUTHENTICATION_RULES [X_FORWARDED_FOR_AUTHENTICATION_RULES ...]] [-psrun-rules PSRUN_RULES [PSRUN_RULES ...]] [-ip-rules IP_AUTHENTICATION_RULES [IP_AUTHENTICATION_RULES ...]] [-verify-psrun] [-pass-req] [-cert] [-mfa] [-non-vis] [-non-act] [-token-dur ACCESS_TOKEN_DURATION]
List API Registrations
To return a list of all API registrations and show output in JSON format, use:
ps-cli --format json api-registrations list
Delete an API Registrations
To delete an API registration by ID, use:
ps-cli api-registrations delete -id API_REGISTRATION_ID
Get an API Registration
To retrieve the API key for an API Key policy API Registration, use:
ps-cli api-registrations get -id API_REGISTRATION_ID
Get API Key for an API Registration
To retrieve the API key for an API Key policy API Registration, use:
ps-cli api-registrations get-api-key -id API_REGISTRATION_ID
Rotate API Key
To rotate an API key by API Registration ID, use:
ps-cli api-registrations rotate-api-key -id API_REGISTRATION_ID
Update an API Registration
To update an existing API Registration, use:
ps-cli api-registrations update -id API_REGISTRATION_ID [-x-forwarded-for-rules X_FORWARDED_FOR_AUTHENTICATION_RULES [X_FORWARDED_FOR_AUTHENTICATION_RULES ...]] [-psrun-rules PSRUN_RULES [PSRUN_RULES ...]] [-ip-rules IP_AUTHENTICATION_RULES [IP_AUTHENTICATION_RULES ...]] [-verify-psrun] [--no-user-password/--require-user-password] [--no-client-certificate/--require-client-certificate] [--disable-mfa/--enable-mfa] [--is-not-visible/--is-visible] [--is-not-active/--is-active] [-token-duration ACCESS_TOKEN_DURATION] [-reg-type REGISTRATION_TYPE] [-name NAME]
Quick Rules: Quick Rules management commands
To display a list of available commands for Quick Rules, use:
ps-cli quick-rules -h
Create an Quick Rule
To create a new Quick Rule, use:
ps-cli quick-rules create -t TITLE [-ids IDS [IDS ...]] [-rt {ManagedAccount,ManagedSystem}] [-d DESCRIPTION] [-c CATEGORY]
Delete Quick Rule
To delete a Quick Rule by ID or Title, use:
ps-cli quick-rules delete [-t TITLE] [-id QUICK_RULE_ID]
Delete Quick Rule by Organization
To delete a Quick Rule by organization ID and title, use:
ps-cli quick-rules delete-by-org -t TITLE -o-id ORGANIZATION_ID
Get a Quick Rule
To return a quick rule by ID or Title, use:
ps-cli quick-rules get [-t TITLE] [-id QUICK_RULE_ID]
Get a Quick Rule by Organization
To return a Quick Rule by organization ID and title, use:
ps-cli quick-rules get-by-org -t TITLE -o-id ORGANIZATION_ID
List Quick Rules
To return a list of Quick Rules to which the current user has at least Read access, use:
ps-cli quick-rules list
Adds Accounts to a Quick Rules
To add accounts to a Quick Rule, use:
ps-cli quick-rules add-accounts -id <QUICK_RULE_ID> -a <ACCOUNT_IDS> [-r <REMOVE_PREVIOUS_FLAG]
Smart Rules: Smart Rules management commands
Create with attributes
To create a new Smart Rule with the attributes referenced by ID, use:
ps-cli smart-rules create-with-attributes -t TITLE -attr-ids ATTRIBUTE_IDS [ATTRIBUTE_IDS ...] [--dont-process-immediately] [-d DESCRIPTION] [-c CATEGORY]
Delete a Smart Rule
To delete a Smart Rule by ID or Title, use:
ps-cli smart-rules delete [-t TITLE] [-id SMART_RULE_ID]
Get a Smart Rule
To return a smart rule by ID or Title, use:
ps-cli smart-rules get [-t TITLE] [-id SMART_RULE_ID]
To return a list of assets associated with a Smart Rule, use:
ps-cli smart-rules list-assets -id SMART_RULE_ID [-o OFFSET] [-l LIMIT]
List Smart Rules
To return a list of Smart Rules to which the current user has at least Read access, use:
ps-cli smart-rules list
List Smart Rules by User Group
To return a list of Smart Rules associated with a User Group, use:
ps-cli smart-rules list-by-user-group -ug-id USER_GROUP_ID
Process/Run Smart Rule
To process a Smart Rule by ID, use:
ps-cli smart-rules run -id SMART_RULE_ID [-q]
EPM Policies: EPM Policies commands
Add an application to policy
Edits a policy to add an application, and updates this policy in the BeyondInsight database. Touches the LastModifiedDate to indicate that a change is made. Updated policy is deployed to agents per the usual process in BeyondInsight. Use:
ps-cli epm-policies add-app --publisher PUBLISHER --path PATH -n NAME -g GROUP_NAME -p POLICY_ID [--children-inherit-token]
Subscriptions Delivery: Subscription Delivery management commands
List
To return a list of IDs for all subscription deliveries that a user has access to, use:
ps-cli subscriptions-delivery list
Administrators have access to all deliveries while other users only have access to deliveries they created.
Download
To return the subscription delivery for the requested id, use:
ps-cli subscriptions-delivery download -id REQUEST_ID
Applications: Applications commands
Assign application to managed account
To assign an application to a managed account, use:
ps-cli applications assign-to-managed-account -app-id APPLICATION_ID -account-id ACCOUNT_ID
Get application by ID
To return an application by ID, use:
ps-cli applications get -id APPLICATION_ID
List managed account applications
To return applications associated with a managed account, use:
ps-cli applications get-managed-account-apps -account-id ACCOUNT_ID
List applications
To return a list of all applications, use:
ps-cli applications list
Remove application from managed account
To remove an application from a managed account, use:
ps-cli applications remove-from-managed-account -app-id APPLICATION_ID -account-id ACCOUNT_ID
Unassign all applications
To unassign all applications from a managed account, use:
ps-cli applications unassign-all-from-managed-account -account-id ACCOUNT_ID
Operating Systems: Operating Systems commands
List operating systems
To return a list of operating systems, use:
ps-cli operating-systems list
Ticket Systems: Ticket Systems commands
List ticket systems
To return a list of ticket systems, use:
ps-cli ticket-systems list
Sessions: Sessions management commands
To display a list of available commands for sessions, use:
ps-cli sessions -h
Output:
usage: ps-cli sessions [-h] {create-session,create-session-admin,get-session-by-id,list-sessions,list} ...
Secrets Safe Sessions functionality.
options:
-h, --help show this help message and exit
subcommands:
Subcommands available for sessions
{create-session,create-session-admin,get-session-by-id,list-sessions,list}
create-session Creates a new session.
create-session-admin
Creates a new session for administrators.
get-session-by-id Returns a session by ID.
list-sessions (list)
Returns a list of sessions to which the current user has access.
List Sessions
To display a list of Session for Beyond Insight and shows output in JSON format, use:
ps-cli -v --format json sessions list
Get Session by ID
To return a session by ID and show output in JSON format, use:
ps-cli -v --format json sessions get-session-by-id -id <SESSION_ID>
Create a Session
To create a new session and show output in JSON format, use:
ps-cli -v --format json sessions create-session -r-id <REQUEST_ID> -type <SESSION_TYPE> [-n <NODE_ID>]
Create a Session Admin
To create a new session for administrators and show output in JSON format, use:
ps-cli -v --format json sessions create-session-admin -type <SESSION_TYPE> -h-n <HOST_NAME> -u-n <USERNAME> -psw <PASSWORD> [-p <PORT_NUMBER>] [-d-n <DOMAIN_NAME>] [-r <REASON>] [-re <RESOLUTION>] [-r-a-s "RDP_ADMIN_SWITCH_FLAG"] [-s-si "SMART_SIZING_FLAG"] [-n <NODE_ID>] [-rec-off "RECORD_OFF_FLAG"]
Session Termination: Session termination management commands
To display a list of available commands using session termination, use:
ps-cli session-termination -h
Output:
usage: ps-cli session-termination [-h]
{terminate-session,terminate,terminate-session-by-managed-account-id,terminate-by-managed-account-id,terminate-session-by-managed-system-id,terminate-by-managed-system-id}
...
Secrets Safe Session Termination functionality.
options:
-h, --help show this help message and exit
subcommands:
Subcommands available for session-termination
{terminate-session,terminate,terminate-session-by-managed-account-id,terminate-by-managed-account-id,terminate-session-by-managed-system-id,terminate-by-managed-system-id}
terminate-session (terminate)
Terminates a session by ID.
terminate-session-by-managed-account-id (terminate-by-managed-account-id)
Terminates a session by managed account ID.
terminate-session-by-managed-system-id (terminate-by-managed-system-id)
Terminates a session by managed system ID.
Terminate a Session
To terminate a session by ID and show output in JSON format, use:
ps-cli -v --format json session-termination terminate-session -id <SESSION_ID>
Terminate a Session by Managed Account ID
To terminate a session by managed account ID and show output in JSON format, use:
ps-cli -v --format json session-termination terminate-session-by-managed-account-id -id <MANAGED_ACCOUNT_ID>
Terminate a Session by Managed System ID
To terminate a session by managed system ID and show output in JSON format, use:
ps-cli -v --format json session-termination terminate-session-by-managed-system-id -id <MANAGED_SYSTEM_ID>
Session Locking: Session locking management commands
To display a list of available commands using session locking, use:
ps-cli session-locking -h
Output:
usage: ps-cli session-locking [-h]
{lock-session,lock,lock-session-by-managed-account-id,lock-by-managed-account-id,lock-session-by-managed-system-id,lock-by-managed-system-id} ...
Secrets Safe Session Locking functionality.
options:
-h, --help show this help message and exit
subcommands:
Subcommands available for session-locking
{lock-session,lock,lock-session-by-managed-account-id,lock-by-managed-account-id,lock-session-by-managed-system-id,lock-by-managed-system-id}
lock-session (lock)
Locks a session by ID.
lock-session-by-managed-account-id (lock-by-managed-account-id)
Locks a session by managed account ID.
lock-session-by-managed-system-id (lock-by-managed-system-id)
Locks a session by managed system ID.
Lock Session
To lock a session by ID and show output in JSON format, us:
ps-cli -v --format json session-locking lock-session -id <SESSION_ID>
Lock Session by Managed Account ID
To lock a session by managed account ID and show output in JSON format, use:
ps-cli -v --format json session-locking lock-session-by-managed-account-id -id <MANAGED_ACCOUNT_ID>
Lock Session by Managed System ID
To lock a session by managed system ID and show output in JSON format, use:
ps-cli -v --format json session-locking lock-session-by-managed-system-id -id <MANAGED_SYSTEM_ID>
Attribute Types: Attribute types management commands
To display a list of available commands using attribute types, use:
ps-cli attribute-types -h
Output:
usage: ps-cli attribute-types [-h]
{create-attribute-type,create,delete-attribute-type-by-id,delete,get-attribute-type-by-id,get-id,list-attribute-types,list}
...
List or set Attribute Types for Beyond Insight.
Requires Beyond Insight Role Management (Read/Write).
options:
-h, --help show this help message and exit
subcommands:
Subcommands available for attribute-types
{create-attribute-type,create,delete-attribute-type-by-id,delete,get-attribute-type-by-id,get-id,list-attribute-types,list}
create-attribute-type (create)
Creates a new attribute type.
delete-attribute-type-by-id (delete)
Deletes a specific attribute type by ID.
get-attribute-type-by-id (get-id)
Retrieves a specific attribute type by ID.
list-attribute-types (list)
Returns a list of Password Safe attribute types.
List Attribute Types
To return a list of Password Safe attribute types and show output in JSON format, us:
ps-cli -v --format json attribute-types list-attribute-types
Get Attribute Type by ID
To retrieve a specific attribute type by ID and show output in JSON format, use:
ps-cli -v --format json attribute-types get-attribute-type-by-id -id <ATTRIBUTE_TYPE_ID>
Create Attribute Type
To create a new attribute type and show output in JSON format, use:
ps-cli -v --format json attribute-types create-attribute-type -n <NAME>
Delete Attribute Type
To delete a specific attribute type by ID and show output in JSON format, use:
ps-cli -v --format json attribute-types delete-attribute-type-by-id -id <ATTRIBUTE_TYPE_ID>
Attributes: Attributes management commands
To display a list of available commands using attributes, use:
ps-cli attributes -h
Output:
usage: ps-cli attributes [-h]
{delete-attribute-by-id,delete-by-id,delete-attributes-by-managed-account-id,delete-attributes-by-managed-account-id-attribute-id,delete-attributes-by-managed-system-id,delete-attributes-by-managed-system-id-attribute-id,get-attribute-by-id,get-by-id,get-attributes-by-managed-account-id,get-attributes-by-managed-system-id,get-attributes-by-type-id,get-by-type-id,post-attribute-by-managed-account-id,post-attribute-by-managed-system-id,post-attribute-by-type-id,create-by-type-id}
...
List, create, set and delete Attributes for Beyond Insight.
Requires BeyondInsight/Password Safe Role Management (Read/Write).
options:
-h, --help show this help message and exit
subcommands:
Subcommands available for attributes
{delete-attribute-by-id,delete-by-id,delete-attributes-by-managed-account-id,delete-attributes-by-managed-account-id-attribute-id,delete-attributes-by-managed-system-id,delete-attributes-by-managed-system-id-attribute-id,get-attribute-by-id,get-by-id,get-attributes-by-managed-account-id,get-attributes-by-managed-system-id,get-attributes-by-type-id,get-by-type-id,post-attribute-by-managed-account-id,post-attribute-by-managed-system-id,post-attribute-by-type-id,create-by-type-id}
delete-attribute-by-id (delete-by-id)
Deletes a specific attribute by ID.
delete-attributes-by-managed-account-id
Deletes all attributes for a specific managed account ID.
delete-attributes-by-managed-account-id-attribute-id
Deletes a managed account attribute by managed account ID and attribute ID.
delete-attributes-by-managed-system-id
Deletes all attributes for a specific managed system ID.
delete-attributes-by-managed-system-id-attribute-id
Deletes a managed system attribute by managed system ID and attribute ID.
get-attribute-by-id (get-by-id)
Retrieves a specific attribute by ID.
get-attributes-by-managed-account-id
Retrieves all attributes for a specific managed account ID.
get-attributes-by-managed-system-id
Retrieves all attributes for a specific managed system ID.
get-attributes-by-type-id (get-by-type-id)
Retrieves all attributes for a specific attribute type ID.
post-attribute-by-managed-account-id
Assign a new attribute for a specific managed account ID.
post-attribute-by-managed-system-id
Assign a new attribute for a specific managed system ID.
post-attribute-by-type-id (create-by-type-id)
Creates a new attribute for a specific attribute type ID
Delete Attribute by ID
To delete a specific attribute by ID and show output in JSON format, use:
ps-cli -v --format json attributes delete-attribute-by-id -id <ATTRIBUTE_ID>
Delete Attributes by Managed Account ID
To retrieve all attributes for a specific managed account ID and shows output in JSON format, use:
ps-cli -v --format json attributes delete-attributes-by-managed-account-id -id <MANAGED_ACCOUNT_ID>
Delete Managed Account Attribute by Managed Account ID and Attribute ID
To delete a managed account attribute by managed account ID and attribute ID and then show output in JSON format, use:
ps-cli -v --format json attributes delete-attributes-by-managed-account-id-attribute-id -id <MANAGED_ACCOUNT_ID> -a-id <ATTRIBUTE_ID>
Delete All Attributes by Managed System ID
To delete all attributes for a specific managed system ID and show output in JSON format, use:
ps-cli -v --format json attributes delete-attributes-by-managed-system-id -id <MANAGED_SYSTEM_ID>
Delete Managed System Attribute by Managed System ID and Attribute ID
To delete a managed system attribute by managed system ID and attribute ID, and then show output in JSON format, use:
ps-cli -v --format json attributes delete-attributes-by-managed-system-id-attribute-id -id <MANAGED_SYSTEM_ID> -a-id <ATTRIBUTE_ID>
Get Attribute by ID
To retrieve a specific attribute by ID and show output in JSON format, use:
ps-cli -v --format json attributes get-attribute-by-id -id <ATTRIBUTE_ID>
Get Attributes by Managed Account ID
To retrieve all attributes for a specific managed account ID and show output in JSON format, use:
ps-cli -v --format json attributes get-attributes-by-managed-account-id -id <MANAGED_ACCOUNT_ID>
Get Attributes by Managed System ID
To retrieve all attributes for a specific managed system ID and show output in JSON format, use:
ps-cli -v --format json attributes get-attributes-by-managed-system-id -id <MANAGED_SYSTEM_ID>
Get Attributes by Type ID
To retrieve all attributes for a specific attribute type ID and show output in JSON format, use:
ps-cli -v --format json attributes get-attributes-by-type-id -id-a-t <ATTRIBUTE_TYPE_ID>
Assign Attribute to Managed Account
To assign a new attribute for a specific managed account ID and show output in JSON format, use:
ps-cli -v --format json attributes post-attribute-by-managed-account-id -id <MANAGED_ACCOUNT_ID> -a-id <ATTRIBUTE_ID>'
Assign Attribute to Managed System
To assign a new attribute for a specific managed system ID and show output in JSON format, use:
ps-cli -v --format json attributes post-attribute-by-managed-system-id -id <MANAGED_SYSTEM_ID> -a-id <ATTRIBUTE_ID>'
Create Attribute by Type ID
To create a new attribute for a specific attribute type ID and show output in JSON format, use:
ps-cli -v --format json attributes post-attribute-by-type-id -id-a-t <ATTRIBUTE_TYPE_ID> -s-n <SHORT_NAME> -l-n <LONG_NAME> [-d <DESCRIPTION>] [-p-a-id <PARENT_ATTRIBUTE_ID>] [-v-i <VALUE_INT>]
Aliases: Alisases management commands
To display a list of available commands for Aliases, use:
ps-cli aliases -h
Output:
usage: ps-cli aliases [-h] {get-alias-by-id-name,get,list-aliases,list} ...
Controller for managing aliases.
Requires Password Safe Secrets Safe License.
Requires Password Safe SecretsSafe Read for Get, Read/Write for all others.
options:
-h, --help show this help message and exit
subcommands:
Subcommands available for aliases
{get-alias-by-id-name,get,list-aliases,list}
get-alias-by-id-name (get)
Retrieves an alias by its ID or Name.
list-aliases (list)
Lists all aliases, optionally filtered by state.
List Aliases
To return a list of Aliases and show output in JSON format, use:
ps-cli -v --format json aliases list [-s <STATE>]
Get Aliases by ID or Name
To retrieve an alias by its ID or Name and show output in JSON format, use:
ps-cli -v --format json aliases get [-id <ID_ALIAS>] [-name <NAME_ALIAS>]
DSS Key Policies: DSS Key Policies management commands
Get DSS Key Policy by ID
To retrieve a DSS Key Policy by its ID and show output in JSON format, use:
ps-cli -v --format json dss-key-policies get-dss-key-policy-by-id -id <ID_POLICY>
List DSS Key Policies
To list all DSS Key Policies and show output in JSON format, use:
ps-cli -v --format json dss-key-policies list-dss-key-policies
Propagation Action Types: Propagation Action Types management commands
To display a list of available commands for Propagation Action Types, use:
ps-cli propagation-action-types -h
Output:
usage: ps-cli propagation-action-types [-h] {list-propagation-action-types,list} ...
Controller for managing Propagation Action Types.
Requires Password Safe Secrets Safe License.
Requires Password Safe SecretsSafe Read for Get, Read/Write for all others.
options:
-h, --help show this help message and exit
subcommands:
Subcommands available for propagation-action-types
{list-propagation-action-types,list}
list-propagation-action-types (list)
Lists all Propagation Action Types.
List Propagation action types
To list all Propagation Action Types and show output in JSON format, use:
ps-cli -v --format json propagation-action-types list-propagation-action-types
Propagation Actions: Propagation Actions management commands
To display a list of available commands for Propagation Actions, use:
ps-cli propagation-actions -h
Output:
usage: ps-cli propagation-actions [-h]
{delete-propagation-action-from-managed-account,delete-from-managed-account,delete-propagation-action-from-managed-account-by-action-id,delete-from-managed-account-by-action-id,get-propagation-action-by-id,get,get-propagation-action-by-managed-account-id,get-by-managed-account,list-propagation-actions,list,post-propagation-action-to-managed-account,post-to-managed-account}
...
Controller for managing Propagation Actions.
Requires Password Safe Secrets Safe License.
Requires Password Safe SecretsSafe Read for Get, Read/Write for all others.
options:
-h, --help show this help message and exit
subcommands:
Subcommands available for propagation-actions
{delete-propagation-action-from-managed-account,delete-from-managed-account,delete-propagation-action-from-managed-account-by-action-id,delete-from-managed-account-by-action-id,get-propagation-action-by-id,get,get-propagation-action-by-managed-account-id,get-by-managed-account,list-propagation-actions,list,post-propagation-action-to-managed-account,post-to-managed-account}
delete-propagation-action-from-managed-account (delete-from-managed-account)
Unassigns all propagation actions from the managed account by ID.
delete-propagation-action-from-managed-account-by-action-id (delete-from-managed-account-by-action-id)
Unassigns a propagation action from the managed account by ID.
get-propagation-action-by-id (get)
Gets a Propagation Action by ID.
get-propagation-action-by-managed-account-id (get-by-managed-account)
Gets a Propagation Action by Managed Account ID.
list-propagation-actions (list)
Lists all Propagation Actions.
post-propagation-action-to-managed-account (post-to-managed-account)
Assigns a propagation action to the managed account referenced by ID.
Delete Propagation Actions from Managed Account
To unassign all propagation actions from the managed account by ID and show output in JSON format, use:
ps-cli -v --format json propagation-actions delete-propagation-action-from-managed-account -id <MANAGED_ACCOUNT_ID>
Delete Propagation Action from Managed Account by Action ID
To unassign a specific propagation action from the managed account by ID and show output in JSON format, use:
ps-cli -v --format json propagation-actions delete-propagation-action-from-managed-account-by-action-id -id <MANAGED_ACCOUNT_ID> -pa <PROPAGATION_ACTION_ID>
Get Propagation Action by ID
To get a Propagation Action by its ID and show output in JSON format, use:
ps-cli -v --format json propagation-actions get-propagation-action-by-id -id <ACTION_ID>
Get Propagation Actions by Managed Account ID
To get all Propagation Actions for a managed account by ID and show output in JSON format, use:
ps-cli -v --format json propagation-actions get-propagation-action-by-managed-account-id -id <MANAGED_ACCOUNT_ID>
List Propagation Actions
To list all Propagation Actions and show output in JSON format, use:
ps-cli -v --format json propagation-actions list-propagation-actions
Assign Propagation Action to Managed Account
To assign a propagation action to the managed account referenced by ID and show output in JSON format, use:
ps-cli -v --format json propagation-actions post-propagation-action-to-managed-account -id <MANAGED_ACCOUNT_ID> -pa <PROPAGATION_ACTION_ID> [-s-r-id <SMART_RULE_ID>]
Raw commands
Send raw HTTP requests to the API.
You can print a JSON response, if available.
ps-cli raw <HTTP_VERB> <ENDPOINT> [JSON_PAYLOAD]
- Positional arguments
- {GET,POST,PUT,DELETE}: HTTP verb to use (GET, POST, PUT, DELETE)
- Endpoint: API endpoint to call (that is, Secrets-Safe/Folders/)
- Payload: Optional JSON payload (that is: '{"key": "value"}')
List folders
ps-cli raw GET Secrets-Safe/Folders
Create a new folder
ps-cli raw POST Secrets-Safe/Folders '{"Name": "MyFolderName","ParentId": "guid"}'
Lift safes
ps-cli raw GET Secrets-Safe/safes/
Updated about 13 hours ago
