Import Passwords from Thycotic Secret Server into Passwordstate

With the use of the Passwordstate API, it’s possible to import Secret Server data using the XML export option Thycotic provide.

The following documentation has been tested using Secret Server version 10.5.000003, and it would be unlikely Thycotic’s Password Templates and XML export feature would be different in other builds. We also recommend following this forum article to quickly backup and restore your database, in case you experience any errors during the import process – https://www.clickstudios.com.au/community/index.php?/topic/2480-sql-script-to-quickly-backup-and-restore-passwordstate-database/

Field Mappings
Secret Server handles fields differently to Passwordstate, in that they provide a per password record Template of different types (25 in total). Passwordstate uses Password List Templates instead, and the following instructions will use 5 different Templates for the import. Please be aware, you must be using Passwordstate Build 8652 or above for this process, as it has changes to Password List Templates required for this process.

Below in the instructions where you download the file ‘Import-Secret-Server-XML.zip’, this includes an Excel spreadsheet called ‘SecretServer_Passwordstate_FieldMappings.xlsx’. This spreadsheet documents the field mapping from the various Secret Server Password Templates, to the Passwordstate Password List Templates. The only Secret Server template which will not be imported is ‘Contact’, due to Secret Server exceeding the maximum number of Generic Fields Passwordstate supports.

Exporting from Secret Server:

To export your Secret Server data in XML format, please use the screenshots below for guidance. Please save the XML file locally somewhere on your PC, for access further down in the instructions.

Preparing Passwordstate for the import:

  • In Passwordstate, on the screen Administration -> Password List Templates, you need to edit each of the Templates listed in the dot points below to turn off the option “Prevent saving of Password Record if a ‘Bad’ password is detected” – if this step is missed, your import may fail due to Bad Password detection:
    • Credit Cards
    • Software Licenses
    • SSH Account (Password + Key Storage)
    • Standard Password List
    • Web Site Logins

Import Data

To import the exported XML file above, please follow these instructions:

  • Take note of your System Wide API key in Passwordstate, which can be found under Administration -> System Settings -> API Keys. If you need to, you can generate a new one, and please click the ‘Save’ button on this screen if you do


  • Extract the Zip file to the same path as where you exported your XML file
  • Open PowerShell ISE as ‘Administrator’, and open the file ‘Import-SecretServer-XML.ps1’
  • Update the field variables at the top of the script with appropriate values (see screenshot below) – please specify your UserID here that you use login to Passwordstate with. Once done, save the changes to the file
  • Now execute the script, and select the exported XML file when prompted

 

  • Once the script has finished executing, you should see a ‘parent’ folder called ‘Secret Server Import’, with relevant Folders, Password Lists, and Password records, as per the screenshot below.


  • Once complete, please go back to each of the Password List Templates within the Administration area, and turn back on the option ‘Prevent saving of Password Record is ‘Bad’ password is detected’ for each Password List Template

Speak Your Mind

*