Hello everyone. Is it possible to update an existing credential in the password manager via command line? My goal is to programmatically update the password manager to accommodate credential vaulting solutions beyond CyberArk. Thanks in advance.
‎Nov 12, 2020 05:27 PM
I expect you would also need to use the "--add" option to specify the logical name of the entry to be updated. In other words - I would try using the same command line to update an existing record as you would use to add a new record.
As per the documentation linked to in my previous comment:
If you repeat the command line with the --add parameter and a logical-name that already exists in Password Manager, the existing record is updated.
‎Nov 15, 2020 06:37 PM
The mgspswd.exe command line tool (typically found in C:\Program Files (x86)\Flexera Software\Inventory Beacon\RemoteExecution) can be used on beacons to make updates to the Password Manager.
Here is the output from running mgspswd.exe --help:
Usage: mgspswd.exe [--help] [--list] [--matches] [--reset] [--recrypt]
                   [--list <logical name>]
                   [--delete <logical name>]
                   [--add <logical name>]
                   [--account <account name>]
                   [--password <password>]
                   [--privilege-prefix <prefix>]
                   [--privilege-password <privilege password >]
                   [--privilege-password-prompt <privilege password prompt>]
                   [--type <account type>]
                   [--privatekeyfile <path>]
                   [--vault <vault>]
                   [--cyberark-query <query>]
                   [--privilege-cyberark-query <query>]
                   [--filter-names <list>]
                   [--filter-dnsnames <list>]
                   [--filter-dnsdomains <list>]
                   [--filter-netbiosdomains <list>]
                   [--filter-ipaddresses <list>]
                   [--filter-macaddresses <list>]
                   [--filter-oracleservicenames <list>]

Manages passwords in the FlexNet Manager Platform password store.

  --help      Show this help message.
  --list      List all passwords within the password store.
  --list <logical name>
              Prints the password with the specified logical name.
  --matches   List all passwords within the password store matching a device.
  --reset     Clear the password store and reset the internal security key.
  --recrypt   Re-encrypt all passwords using the strongest available algorithm.
  --delete <logical name>
              Removes the password with the specified logical name from the password store.
  --add <logical name>
              Add a new password with the specified logical name and account name.
  --account <account name>
              Specify the account to use. This is only used with the --add option.
  --password <password>
              Specify the password to use. This is only used with the --add option.
  --privilege-prefix <prefix>
              Specify a prefix used to execute privileged commands on the device.
              UNIX/Linux only. This is only used with the --add option.
              Example: sudo
  --privilege-password <privilege password>
              Specify a password that will be used to elevate privileges on the
              device.
              UNIX/Linux only. This is only used with the --add option.
  --privilege-password-prompt <privilege password prompt>
              Specify a prompt to match before issuing password for privilege
              escalation.
              UNIX/Linux only. This is only used with the --add option.
  --type <account type>
              Specify the account type. This is only used with the --add and --matches
              options. Valid values are:
                WindowsLocal - Local account on windows managed device
                WindowsDomain - Windows domain account
                SSHPassword - SSH account (password)
                SSHKeyPair - SSH account (key pair)
                VMwareESX - Account on VMware ESX server
                VMwareVirtualCenter - Account on VMware VirtualCenter
                OracleListener - Password for Oracle listener
                OracleDatabase - Account on Oracle database
                OracleVMManagerApiAccess - Oracle VM Manager API account
  --privatekeyfile <path>
              Specify the path to the file that contains your private key.
              The key will be imported and a public/private key pair generated.
              This is only used with the --add option.
  --vault <vault>
              Specify "CyberArk" to use the CyberArk vault for credentials, or
              "FlexNetBeacon" to use the local vault on the inventory beacon.

CyberArk options:
  If specified the password store will retrieve credentials from the
  CyberArk safe.
  The vault type should be specified as CyberArk to use CyberArk options.
  --cyberark-query <query>
              The query string must uniquely identify a single credential
              saved in CyberArk
  --privilege-cyberark-query <query>
              The query identifies the password for elevating privilege on a
              UNIX-like device.

Filtering options:
  If specified, filters restrict devices to which the password applies.
  If not specified, the password applies to all devices and will be
  attempted after passwords that define filters.
  To specify filters on the command-line, use the options below.
  Filters are only used with the --add and --matches options.
  For more information about filters, refer to FlexNet Manager Platform documentation.
  --filter-names <list>
              Specify a comma-separated list of device names the password applies to.
              Example: bob-laptop,bob-desktop
  --filter-dnsnames <list>
              Specify a comma-separated list of DNS names the password applies to.
              Example: bob-laptop.aloha.com,bob-desktop.aloha.com
  --filter-dnsdomains <list>
              Specify a comma-separated list of DNS domains the password applies to.
              Example: aloha.com,hawaii.aloha.com
  --filter-netbiosdomains <list>
              Specify a comma-separated list of NetBIOS domains the password applies
              to.
              Example: ALOHA-COM,HAWAII-ALOHA-COM
  --filter-ipaddresses <list>
              Specify a comma-separated list of IP addresses the password applies to.
              Example: 10.10.10.1,10.10.10.2
  --filter-macaddresses <list>
              Specify a comma-separated list of MAC addresses the password applies
              to. Both Windows and UNIX formats are valid.
              Example: 00:01:b0:c4:e6:10,00-AF-F7-CD-F9-10
  --filter-oracleservicenames <list>
              Specify a comma-separated list of service names the password applies
              to. Oracle credentials only (Oracle database, Oracle listener).
              Example: Service01A,production-listener-service
See the following page for some more information about this tool: Command-Line Updates to Password Manager
‎Nov 13, 2020 02:09 AM
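One way to script the update discussed in this thread, as an added example (not code from the posters or from Flexera): a PowerShell wrapper that repeats --add for an existing logical name, using only options shown in the help output above. Get-SecretFromVault, the sample names and the non-zero exit code check are assumptions.

```powershell
# Added example: rotate a Password Manager entry on a beacon by repeating --add.
# Get-SecretFromVault (see usage at the bottom) is a hypothetical stand-in for
# whatever client your vaulting product provides.
$MgsPswd = 'C:\Program Files (x86)\Flexera Software\Inventory Beacon\RemoteExecution\mgspswd.exe'

# Account types exactly as listed by mgspswd.exe --help.
$ValidTypes = 'WindowsLocal','WindowsDomain','SSHPassword','SSHKeyPair','VMwareESX',
              'VMwareVirtualCenter','OracleListener','OracleDatabase','OracleVMManagerApiAccess'

function Update-BeaconCredential {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$LogicalName,
        [Parameter(Mandatory)][string]$Account,
        [Parameter(Mandatory)][securestring]$Password,
        [Parameter(Mandatory)][string]$Type,
        [string[]]$FilterDnsNames
    )
    if ($ValidTypes -notcontains $Type) { throw "Unknown account type '$Type'" }
    if (-not (Test-Path -LiteralPath $MgsPswd)) { throw "mgspswd.exe not found at $MgsPswd" }

    # The help output offers only --password for supplying the secret, so it ends
    # up on the child process command line. Expect it in process-creation logs
    # that capture command lines, and restrict who can read them on the beacon.
    $plain = [System.Net.NetworkCredential]::new('', $Password).Password
    $cliArgs = @('--add', $LogicalName, '--account', $Account,
                 '--password', $plain, '--type', $Type, '--vault', 'FlexNetBeacon')
    if ($FilterDnsNames) { $cliArgs += '--filter-dnsnames', ($FilterDnsNames -join ',') }

    try {
        if ($PSCmdlet.ShouldProcess($LogicalName, 'mgspswd.exe --add')) {
            # Discard tool output so nothing sensitive lands in a transcript.
            & $MgsPswd @cliArgs | Out-Null
            # Assumption: mgspswd.exe signals failure with a non-zero exit code.
            if ($LASTEXITCODE -ne 0) { throw "mgspswd.exe exited with $LASTEXITCODE" }
        }
    }
    finally { $plain = $null; $cliArgs = $null }   # drop plaintext references
}

# Constructed usage; the names are sample values, not from a real environment.
# $secret = Get-SecretFromVault -Name 'svc-inventory'   # hypothetical, returns SecureString
# Update-BeaconCredential -LogicalName 'linux-prod' -Account 'svc-inventory' `
#     -Password $secret -Type SSHPassword -FilterDnsNames 'host1.example.com'
```

Run it with -WhatIf first to confirm the target logical name without touching the store. Avoid `--list <logical name>` in logged or transcribed sessions, since per the help text it prints the password.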
‎Nov 13, 2020 08:34 AM
Hi,
C:\Program Files (x86)\Flexera Software\Inventory Beacon\RemoteExecution>mgspswdw.exe -?
will open a list of parameters:
Best regards,
Markward
‎Nov 13, 2020 02:13 AM