psPAS is a PowerShell interface for the CyberArk REST Web Services.
psPAS sends requests to , and receives data from, a CyberArk Privileged Access Security Web Service.
It issues commands to the Web Service allowing a user to issue create, list, modify and delete operations to be
performed against entities in a Privileged Access Security solution from either a PowerShell console or script.
To use psPAS, access to a CyberArk Privileged Access Security Web Service, as well as a user account with which to
authenticate to the Web Service is required.
The version of the CyberArk Web Service will determine which of the modules functions, or in certain use cases,
which parameters or parametersets of specific functions can be used. The following table lists module compatibility
against CyberArk version:
Authentication to the Web Service must take place before any other commands can be issued, every
subsequent call to the web service requires the resulting authorization token returned upon successful logon.
PS C:\> New-PASSession -Credential $VaultCredentials -BaseURI https://PVWA_URL
Successful authentication with New-PASSession results in the required authorization token value being made available to all subsequent calls to the API
All functions of the module accept pipeline input, allowing chains of commands to be created.
Find and update a user:
PS C:\> Get-PASAccount pete | Set-PASAccount -Address 10.10.10.10 -UserName pspete
Activate a Suspended CyberArk User:
PS C:\> Get-PASUser PebKac | Unblock-PASUser -Suspended $false
Add a User to a group:
PS C:\> Get-PASUser -UserName User | Add-PASGroupMember Group
Update Version Retention on all Safes:
PS C:\> Get-PASSafe | Set-PASSafe -NumberOfVersionsRetention 25