Using TppTool from the command line and script files
TppTool is a command-line utility that lets system administrators perform Venafi Platform actions through the command line or script files. It provides administrators with greater flexibility and automation capabilities when managing the platform, especially when dealing with multiple environments or large-scale deployments.
Using the TppTool command, administrators can:
-
Export and import various components of the Venafi Platform configuration, such as objects, attributes, policies, and permissions. This makes it easier to copy settings between environments, back up and restore specific configurations, and generate reports on the current system setup. Please note that TppTool is available in addition to Schematool.exe, which is still available for backward compatibility.
-
Manage the recycle bin, including restoring accidentally deleted objects, permanently deleting all objects or specific items from the recycle bin, and scheduling automatic purge and deletion tasks. Please note that these tasks can also be performed by using Venafi Configuration Console. See Venafi Recycle Bin. TppTool replaces the TPPRecycleBin.exe command.
-
Interact with and manage the Daily Tasks engine, which controls settings across the platform and determines when they will run. TppTool replaces the TPPDailyTasks.exe command.
TppTool syntax
-
The TppTool program is located at:
[InstallDir]\Platform\TppTool.exe. -
To perform specific tasks, type a parameter directly after typing the TppTool command. For instance, TppTool -version. Please note that commands and parameters are not case-sensitive, meaning TppTool -version and TPPTOOL -VERSION are interpreted the same.
-
The characters in brackets [ ] indicate optional parts of a parameter. For example, -v[ersion] means that you can type either -v or -version. Both commands are equivalent. This short-cut syntax can make it quicker and easier to type commands; however, to ensure compatibility with future versions of TppTool, you should use full parameter names when scripting.
-
Command options are additional modifiers that provide further instructions or information to the TPPTool command being executed. For example, -cryptpw=<password> is used to provide the password for encrypting and decrypting XML files, and -username=<name> is used to provide a username for the operation.
TppTool parameters and options
| Parameter | Description |
|---|---|
| Schema information | |
-v[ersion]
|
Display the current schema version. |
| Schema import | |
-i[mport]=<xmlfile>
|
Import schema from file <xmlfile>. |
| Schema export | |
-ex[port]=<xmlfile>
|
Export schema to file <xmlfile>. |
-dn=<dn1,dn2>
|
Only export the DNs in the list (default: \VED\Policy). |
-cl[ass]=<c1,c2>
|
Only export objects of classes in the list (default: all classes). |
-ch[ildren]
|
Export children of children as well. |
-su[bsys]=<IOSCAR>
|
Only export specified subsystems. O=ObjectStore, R=Rights, I=Identity, C=Schema, A=OAuth, S=SecretStore (default:OS) |
| Import and export options | |
cr[yptpw]=<password>
|
Provide the password for encrypting and decrypting xml files. Export will be in cleartext if not provided. |
| Daily Tasks | |
-da[ily]
|
Trigger Daily Tasks action. |
| -n[otify] | If specified, any applicable notifications will be resent when triggering Daily Tasks action. |
| Recycle Bin tasks | |
| -b[in] | Perform the recycle bin action. |
| -con[tents] | Display the contents of the recycle bin. |
| -startp[urge] | Start the nightly recycle bin purge action. |
| -stopp[urge] | Stop the nightly recycle bin purge action. |
| -startd[elete] | Start the nightly recycle bin automatic deletion action. |
| -stopd[elete] | Stop the nightly recycle bin automatic deletion action. |
| -sh[owtasks] | Display information about pending or running recycle bin tasks and actions. |
| -r[estore] | Restore a deleted item from the recycle bin. |
| -em[pty] | Empty the recycle bin. |
| -pu[rge] | Purge a deleted item from the recycle bin. |
| Recycle Bin options | |
| -col[umn] | For -show: Display contents in columns. |
| -g[uid]=<bin-guid> | For -purge/-restore: The GUID of the item to purge or restore. |
| Common options | |
| -u[sername]=<name> | Provide a username. |
| -pa[ssword]=<pass> | Provide a password (prompted if omitted). |