< Back
Invoke-PANKeyGen
Post
NAME Invoke-PANKeyGen
SYNOPSIS
This stores api keys tied to tags/addresses
Remember, this is basically a encrypted representation of the username and password that a firewall with the same
master key can decrypt and use, so if you change the password, this muct also change
SYNTAX
Invoke-PANKeyGen [[-StorageMeathod] <String>] [-SkipCertificateCheck] [[-Tag] <String>] [[-Path] <String>]
[-Addresses] <String[]> [-Credential] <PSCredential> [<CommonParameters>]
DESCRIPTION
In pan-python, the keys are stored in the clear in a file called .panrc in the users home folder
I like this idea, but windows allows me to store in a secure string format that allows only the user/pc
combination to retrieve the key
I want to allow users to colaborate/share keys it can be frustrating when using scheduled tasks and/or multiple
PCs
With this change in formatting, reusing the .panrc file would cause conflict, so I will use panrc.xml
PARAMETERS
-StorageMeathod <String>
API_Key - Clear key like pan-python
SecureAPI_Key - Secured with Windows secure string tied to the user/pc
<not implemented> SharedSecureAPI_Key - Secured, but using a shared secret that can be stored for the user/pc
combination
Required? false
Position? 1
Default value SecureAPI_Key
Accept pipeline input? false
Accept wildcard characters? false
-SkipCertificateCheck [<SwitchParameter>]
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-Tag <String>
This is the shortname to use to reference auth information and addresses
Required? false
Position? 2
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Path <String>
Path to the file to store data, check current directory, otherwise use profile directory
Required? false
Position? 3
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Addresses <String[]>
This is a set of addresses to run the command on, The firewalls must have the same master key for this to work
Required? true
Position? 4
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Credential <PSCredential>
This is a user account to just use
Required? true
Position? 5
Default value
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
NOTES
Author: Steve Borba https://github.com/sjborbajr/PAN-Power
Last Edit: 2019-04-05
Version 1.0 - initial release
Version 1.0.1 - Updating descriptions and formatting
Version 1.0.3 - update manditory fields
Version 1.0.4 - Update to use HOME on linux
Version 1.0.5 - Add SkipCertificateCheck for pwsh 6+
Version 1.0.6 - added Edit config and commit and cert check skip for 5
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>The example below get a Key from 192.0.2.1 and stores it in a group called AllEdge along with the three
addresses associated
PS C:\\> Invoke-PANKeyGen -Tag 'AllEdge' -Addresses @('192.0.2.1','198.51.100.1','203.0.113.1')
RELATED LINKS
SYNOPSIS
This stores api keys tied to tags/addresses
Remember, this is basically a encrypted representation of the username and password that a firewall with the same
master key can decrypt and use, so if you change the password, this muct also change
SYNTAX
Invoke-PANKeyGen [[-StorageMeathod] <String>] [-SkipCertificateCheck] [[-Tag] <String>] [[-Path] <String>]
[-Addresses] <String[]> [-Credential] <PSCredential> [<CommonParameters>]
DESCRIPTION
In pan-python, the keys are stored in the clear in a file called .panrc in the users home folder
I like this idea, but windows allows me to store in a secure string format that allows only the user/pc
combination to retrieve the key
I want to allow users to colaborate/share keys it can be frustrating when using scheduled tasks and/or multiple
PCs
With this change in formatting, reusing the .panrc file would cause conflict, so I will use panrc.xml
PARAMETERS
-StorageMeathod <String>
API_Key - Clear key like pan-python
SecureAPI_Key - Secured with Windows secure string tied to the user/pc
<not implemented> SharedSecureAPI_Key - Secured, but using a shared secret that can be stored for the user/pc
combination
Required? false
Position? 1
Default value SecureAPI_Key
Accept pipeline input? false
Accept wildcard characters? false
-SkipCertificateCheck [<SwitchParameter>]
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-Tag <String>
This is the shortname to use to reference auth information and addresses
Required? false
Position? 2
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Path <String>
Path to the file to store data, check current directory, otherwise use profile directory
Required? false
Position? 3
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Addresses <String[]>
This is a set of addresses to run the command on, The firewalls must have the same master key for this to work
Required? true
Position? 4
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Credential <PSCredential>
This is a user account to just use
Required? true
Position? 5
Default value
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
NOTES
Author: Steve Borba https://github.com/sjborbajr/PAN-Power
Last Edit: 2019-04-05
Version 1.0 - initial release
Version 1.0.1 - Updating descriptions and formatting
Version 1.0.3 - update manditory fields
Version 1.0.4 - Update to use HOME on linux
Version 1.0.5 - Add SkipCertificateCheck for pwsh 6+
Version 1.0.6 - added Edit config and commit and cert check skip for 5
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>The example below get a Key from 192.0.2.1 and stores it in a group called AllEdge along with the three
addresses associated
PS C:\\> Invoke-PANKeyGen -Tag 'AllEdge' -Addresses @('192.0.2.1','198.51.100.1','203.0.113.1')
RELATED LINKS