APIs: GET ManagedAccounts, POST Requests, GET Credentials, PUT Requests/{id}/Checkin
Or: POST ISARequests (for ISA-based access)
Finds an account by name (if necessary), creates a request, then retrieves a password. After printing the password, the request is released (see DoNotRelease parameter).
Important information
RetrievePasswordis affected by the number of approvers. This command works only with Auto Approve, enabled in the Access Policy.
Parameters
- SystemName: The managed system name. Use DatabaseName\InstanceName for databases.
- AccountName: The managed account name. Can use IDs instead of names (but do not mix both).
- Reason: The reason to retrieve a password.
- DurationMinutes (optional): The request duration (in minutes). Default request duration is 10 minutes.
- Type (optional, default: password): The type of credentials to retrieve (password, dsskey).
- DoNotRelease (optional): Do not release created request. Allowed values are DoNotRelease or -p.
Examples
psrun2 $(cat conn) RetrievePassword SystemName AccountName "your reason"
psrun2 $(cat conn) RetrievePassword 1 2 "your reason"
psrun2 $(cat conn) RetrievePassword 1 2 "your reason" 25 password DoNotRelease
psrun2 $(cat conn) RetrievePassword 1 2 "your reason" 25 -p
