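# akeyless_universal_identity.ps1
#
# Akeyless Universal Identity helper.
#   -Init       : store the starter token in $HOME\.vault-token and register a
#                 scheduled task that re-runs this script every 10 minutes.
#   (no -Init)  : rotate the token stored in $HOME\.vault-token against the
#                 Akeyless REST endpoint (or the gateway given in -gwURL) and
#                 write the rotated token back to the file.
#
# Handling of the token (it is a credential):
#   * its value is never written to the console, only its length;
#   * the token file's ACL is restricted to the current user;
#   * the token is passed to curl on stdin, not on the command line, so it
#     does not appear in process listings.
# Exit status is 0 on success and 1 on any error, so the scheduled task
# records failed rotations.
Param(
  [string] $uidToken = "",
  [string] $gwURL = "",
  [switch] $Init
)

$sched_task_name = "akeyless_universal_identity_rotator"
$token_file      = "$HOME\.vault-token"   # $HOME = the current user's profile directory

# Default to the public Akeyless REST endpoint unless a gateway URL was given.
if ([string]::IsNullOrEmpty($gwURL)) {
  $proxy_url = "https://rest.akeyless.io/"
} else {
  $proxy_url = $gwURL
}

# Write a token to the token file (no trailing newline) and restrict the
# file's ACL to the current user. The ACL step is best-effort: a failure is
# reported as a warning but the token is still stored.
function Save-Token {
  param([string] $Path, [string] $Token)
  $Token | Out-File $Path -NoNewline
  try {
    $acl = Get-Acl -Path $Path
    $acl.SetAccessRuleProtection($true, $false)   # stop inheriting and drop inherited ACEs
    $me   = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($me, 'FullControl', 'Allow')
    $acl.SetAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
  } catch {
    # NOTE: if the scheduled task is ever switched to /ru SYSTEM, SYSTEM must
    # be granted access here as well.
    Write-Warning "Could not restrict permissions on [$Path]: $_"
  }
}

if ($Init) {
  if ([string]::IsNullOrEmpty($uidToken)) {
    $uidToken = Read-Host -Prompt "Universal ID Token"
  }
  if ([string]::IsNullOrEmpty($uidToken)) {
    Write-Host "Error! empty u-token"
    exit 1
  }
  # Confirm receipt without echoing the credential itself.
  Write-Host "Starter token received (length $($uidToken.Length))"
  # 3072 = SecurityProtocolType.Tls12; enables TLS 1.2 for .NET web calls in this session.
  [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072

  Save-Token -Path $token_file -Token $uidToken

  # Register the task against this script's real location ($PSCommandPath),
  # not the current directory, so it keeps working when -Init is run from
  # elsewhere. Fall back to the old cwd-based path on hosts without it.
  $script_path = $PSCommandPath
  if ([string]::IsNullOrEmpty($script_path)) {
    $script_path = "$(Get-Item -Path ".\")\akeyless_universal_identity.ps1"
  }
  $task_to_run = "powershell -noninteractive -File '${script_path}'"

  # If a task with this name already exists, remove it first so /create does not fail.
  if (schtasks /query | Select-String $sched_task_name -Quiet) {
    schtasks /delete /tn $sched_task_name /f
  }
  # Run the rotation every 10 minutes as the interactive user (/it).
  schtasks /create /sc MINUTE /tn $sched_task_name /tr $task_to_run /it /mo 10
  #schtasks /create /sc MINUTE /tn $sched_task_name /tr $task_to_run /ru "SYSTEM" /mo 10
  if ($LASTEXITCODE -ne 0) {
    Write-Host "Error! failed to create scheduled task [$sched_task_name]"
    exit 1
  }
  Write-Host "AKEYLESS Universal Identity successfully initiated"
  exit 0
}

# ---- rotation (scheduled-task) path ----
if (!([System.IO.File]::Exists($token_file))) {
  Write-Host "Error! token file [$token_file] wasn't found"
  exit 1
}
$cur_token = (Get-Content -Path $token_file -Raw).Trim()
if ([string]::IsNullOrEmpty($cur_token)) {
  Write-Host "Error! token file [$token_file] is empty"
  exit 1
}
# A literal '+' would be decoded as a space in the form body; nothing else in
# the token is re-encoded (same as the original behaviour).
$cur_token = $cur_token.replace('+','%2b')

# The body is fed to curl on stdin (-d @-) so the token is not part of the
# command line. curl.exe is named explicitly to bypass PowerShell's
# Invoke-WebRequest alias, so the alias no longer has to be removed.
$body = "cmd=uid-rotate-token&&uid-token=$cur_token"
$res  = ($body | curl.exe -s $proxy_url -d @- | Select-String 'ROTATED TOKEN:' | Out-String).Trim()
if ([string]::IsNullOrEmpty($res)) {
  Write-Host "Error! empty response"
  exit 1
}

# Expected line shape: ROTATED TOKEN: [<token>] — possibly followed by a '"'
# (the previous parser stripped ']"'). The regex tolerates the brackets and
# the quote without depending on a fixed word position.
if ($res -match 'ROTATED TOKEN:\s*\[?([^\]\s"]+)') {
  $uidToken = $Matches[1]
} else {
  $uidToken = ""
}
if ([string]::IsNullOrEmpty($uidToken)) {
  Write-Host "Error! empty u-token"
  exit 1
}
# Confirm rotation without echoing the new credential.
Write-Host "NEW TOKEN received (length $($uidToken.Length))"
Save-Token -Path $token_file -Token $uidToken
exit 0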