Generates a Magic Dash widget to display any passwords that have not been updated in the last 6 months (default).
Features
Displays password health percentage on Company dashboard
If password health is >50%, displays as green; if <50%, displays as red
Provides last update date and link to stale password inside of Hudu.
# stale_passwords.ps1
#
# -------------------------------------------------------------------------
# User Environment
# -------------------------------------------------------------------------
# Before starting, you'll need to set 3 variables, just below their explanations.
# 1. Set your Azure Key Vault name
# 2. Set the name of your secret (which holds Hudu API key)
# 3. Set the URL of your Hudu instance-
$AzVault_Name = "ENTER YOUR KEY VAULT NAME HERE"
$AzVault_HuduSecretName = "ENTER YOUR KEY VAULT SECRET NAME HERE"
$HuduBaseURL = "HTTPS://YOUR.HUDU.DOMAIN"
# Timeframe for stale passwords (adjust as needed)
$MonthsOld = 6
$StaleThresholdDate = (Get-Date).AddMonths(-$MonthsOld)
# -------------------------------------------------------------------------
# Init Modules and Sign-In
# -------------------------------------------------------------------------
foreach ($module in @('Az.KeyVault', 'HuduAPI')) {
if (Get-Module -ListAvailable -Name $module) {
Write-Host "Importing module, $module...";
Import-Module $module
} else {
Write-Host "Installing and importing module $module...";
Install-Module $module -Force -AllowClobber;
Import-Module $module
}
}
if (-not (Get-AzContext)) {
Connect-AzAccount
}
# Configure Hudu API connection
New-HuduAPIKey "$(Get-AzKeyVaultSecret -VaultName "$AzVault_Name" -Name "$AzVault_HuduSecretName" -AsPlainText)"
New-HuduBaseUrl $HuduBaseURL
# -------------------------------------------------------------------------
# Fetch and Process Companies
# -------------------------------------------------------------------------
$AllCompanies = Get-HuduCompanies
foreach ($Company in $AllCompanies) {
$CompanyName = $Company.name
$CompanyId = $Company.id
Write-Host "Processing password health for $CompanyName (ID: $CompanyId)..." -ForegroundColor Cyan
# Fetch passwords for the company
$AllPasswords = Get-HuduPasswords | Where-Object { $_.company_id -eq $CompanyId }
$StalePasswords = $AllPasswords | Where-Object { $_.updated_at -lt $StaleThresholdDate }
$TotalPasswords = $AllPasswords.Count
$StaleCount = $StalePasswords.Count
# Calculate health percentage
$HealthPercentage = if ($TotalPasswords -gt 0) { [math]::Round(((1 - ($StaleCount / $TotalPasswords)) * 100), 2) } else { 100 }
# Generate widget message
$Message = "$HealthPercentage%"
# Generate widget content
$Content = "<h3>Stale Passwords (Older than $MonthsOld months)</h3>"
$Content += "<table><tr><th>Name</th><th>Last Updated</th><th>Link</th></tr>"
foreach ($Password in $StalePasswords | Sort-Object -Property updated_at) {
$PasswordUrl = "$HuduBaseURL/passwords/$($Password.slug)"
$Content += "<tr><td>$($Password.name)</td><td>$($Password.updated_at)</td><td><a href='$PasswordUrl' target='_blank'>View</a></td></tr>"
}
$Content += "</table>"
$Content += "<p>Total Passwords: $TotalPasswords</p>"
$Content += "<p>Stale Passwords: $StaleCount</p>"
$Content += "<p><em>Script executed on $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss').</em></p>"
# Determine widget color
$WidgetColor = if ($HealthPercentage -ge 50) { "success" } else { "danger" }
# Update the Magic Dash widget
Write-Host "Updating Password Health Magic Dash for $CompanyName (ID: $CompanyId)..." -ForegroundColor Cyan
Set-HuduMagicDash -Title "Password Health" `
-CompanyName $CompanyName `
-Message $Message `
-Content $Content `
-Shade $WidgetColor
}
Write-Host "Password Health widgets updated for all companies!" -ForegroundColor Green