Not all secrets showing with SecretServer

Open moseala55 opened this issue 3 years ago • 8 comments

Connected and authenticated to on-prem SecretServer just fine. Not all secrets that I know and have verified I have access to, including secrets that I have created, are showing. "Personal Folder" does not show in the list as well. When refreshing the dynamic folder, I do get an information error in the bottom left saying "Some tokens couldn't be resolved".

moseala55 avatar Feb 02 '22 21:02 moseala55

Please post a screenshot of the full error message. Also, there's a limit on how many entries should be returned by the API. How many are you expecting approximately?

lemonmojo avatar Feb 03 '22 05:02 lemonmojo

2022-02-03_8-20-24 Screenshot of the log uploaded. We have 5,817 items in our SecretServer. If that is too many entries to be returned, how would I limit the script to pull from specific folders?

moseala55 avatar Feb 03 '22 14:02 moseala55

Please try adjusting the value on line 103 of the script as follows: "paging.take" = 1000;

You can also pick a different number, which suits your needs.

st9rm1337 avatar Feb 04 '22 08:02 st9rm1337

Increasing the value seems to show more if not all the credentials and nested folders (as far as I can tell). However, I still get notified that some tokens couldn't be resolved. I have it set at 20000, but increased to 20000 by adding 1000 to the value. While I can see more credentials, it does cause the application to lock up upon start up as it reloads the folder. Is there any way to limit the script to pull from only a specific folder?

moseala55 avatar Feb 11 '22 13:02 moseala55

@moseala55 Yes, you can filter the secrets by certain criteria, including the folder ID. To do so, you'll want to modify the request body that is sent to the secret server from line 102 to 104 of the dynamic folder script.

By default, the body looks like this:

$secretsRequestBody = @{
  "paging.take" = 1000;
}

To include only secrets from a specific folder ID, you would adjust those lines like so:

$secretsRequestBody = @{
  "paging.take" = 1000;
  "filter.folderId" = 123;
}

For more information on the supported filter criteria, please see Thycotic's Rest API documentation.

lemonmojo avatar Feb 14 '22 11:02 lemonmojo
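
Added example, not part of the thread or of the dynamic folder script: one way to fetch the list in fixed-size pages with an optional folder filter, instead of raising "paging.take" until everything fits in one response. The "paging.skip" parameter, the "records" response field and all function and variable names are assumptions; the server is replaced by a constructed in-memory list so the block runs offline.

```powershell
# Added example, not the dynamic folder script's own code.
# Assumptions: "paging.skip", the "records" response field, and every
# function/variable name here are illustrative and not taken from the thread.
function Get-AllSecretSummaries {
    param(
        [Parameter(Mandatory)] [scriptblock] $FetchPage,  # receives the request body, returns one page
        [int] $PageSize = 500,
        [int] $FolderId,                                  # optional "filter.folderId"
        [int] $MaxPages = 200                             # hard stop against an endless loop
    )
    $all = [System.Collections.Generic.List[object]]::new()
    for ($page = 0; $page -lt $MaxPages; $page++) {
        $body = @{
            "paging.take" = $PageSize
            "paging.skip" = $page * $PageSize
        }
        if ($PSBoundParameters.ContainsKey('FolderId')) { $body["filter.folderId"] = $FolderId }

        $response = & $FetchPage $body
        $records = @($response.records | Where-Object { $null -ne $_ })
        foreach ($r in $records) { $all.Add($r) }
        if ($records.Count -lt $PageSize) { return $all }  # short page: nothing left to fetch
    }
    throw "Stopped after $MaxPages pages; the result would be incomplete."
}

# Constructed stand-in for the server: 1,250 fake entries, 300 of them in folder 123.
$fake = 1..1250 | ForEach-Object {
    [pscustomobject]@{ id = $_; name = "secret-$_"; folderId = if ($_ -le 300) { 123 } else { 7 } }
}
$fakeFetch = {
    param($body)
    $rows = $fake
    if ($body.ContainsKey("filter.folderId")) {
        $rows = @($rows | Where-Object { $_.folderId -eq $body["filter.folderId"] })
    }
    [pscustomobject]@{ records = @($rows | Select-Object -Skip $body["paging.skip"] -First $body["paging.take"]) }
}

# Against a real server, $FetchPage would wrap the script's existing request instead.
$inFolder   = @(Get-AllSecretSummaries -FetchPage $fakeFetch -PageSize 100 -FolderId 123)
$everything = @(Get-AllSecretSummaries -FetchPage $fakeFetch -PageSize 500)
"{0} secrets in folder 123, {1} in total" -f $inFolder.Count, $everything.Count
```

The function throws instead of returning a partial list when the page limit is hit, so a truncated result is not mistaken for the full set of entries.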

@moseala55 Did you get the chance to test the suggestion in my last reply?

lemonmojo avatar Mar 14 '22 16:03 lemonmojo

Hello, we have the same issue. We use the secret server and our secrets are 5500. I changed the number on the script to 20000 and I still cannot see everything. Is there a different explanation?

jpitpol avatar Dec 01 '22 15:12 jpitpol

Also, the "filter.folderId" = 123; does not work.

jpitpol avatar Dec 05 '22 11:12 jpitpol