Merge pull request #10 from joshcorr/output-changes
Output changes
joshcorr authored Jun 10, 2021
2 parents ef0b866 + 7aab016 commit 21399a7
Showing 6 changed files with 111 additions and 52 deletions.
36 changes: 36 additions & 0 deletions CHANGELOG.md
@@ -0,0 +1,36 @@
# Change Log

All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](http://keepachangelog.com/)
and this project adheres to [Semantic Versioning](http://semver.org/).

## [1.0.2] - 2021-06-10
Default to Hashtable output.
## [1.0.1] - 2021-06-04
Improve Logging. Make Health Checks optional.
Suggested by [Mounting to an existing path in Vault #7](https://github.com/joshcorr/SecretManagement.Hashicorp.Vault.KV/issues/7)
## [1.0.0] - 2021-06-04
Update About; remove Preview Tag
## [0.0.11] - 2021-03-16
More Bug fixes
## [0.0.10] - 2021-03-16
Fix login logic bug
## [0.0.9] - 2021-03-15
Better Token Management; Retrieving Metadata
## [0.0.8] - 2021-03-13
Support Hashtable; Creating Metadata; Removing Vaults
## [0.0.7] - 2021-03-09
Create New Vault; Fix Test-SecretVault
## [0.0.6] - 2021-03-08
Required Secrets Version; Fix folder structure
## [0.0.5] - 2021-03-08
Version Bump
## [0.0.4] - 2021-03-08
More Github Actions changes
## [0.0.3] - 2021-03-08
Github Actions changes
## [0.0.2] - 2021-03-08
Fixes for SecretsManagement RC1
## [0.0.1] - 2020-10-27
Initial Preview Release
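Review bot: The 1.0.2 entry, "Default to Hashtable output.", records a change in the default return type of Get-Secret, yet this file states that the project adheres to Semantic Versioning and the release is a patch bump from 1.0.1. The Get-Secret hunk in this commit shows the earlier code always building a `[PSCredential]`, so callers that expect one will receive a Hashtable after upgrading. Either mark the entry as a breaking change and state that `OutputType = 'PSCredential'` restores the earlier return type, or bump at least the minor version.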
15 changes: 11 additions & 4 deletions README.md
Expand Up @@ -21,16 +21,23 @@ $VaultParameters = @{ VaultServer = 'https://vault-cluster.domain.local'
KVVersion = 'v1'}
```

If you stored your secrets in a flat structure (i.e. no slashes in your path).
You may want to return all secrets as a PSCredential. You can do this by providing the following:
```powershell
$VaultParameters @{ ...
OutputType = 'PSCredential'
}
```
The Default is to return it as a Hashtable.

You may provide either a single text string or a hashtable to the `-Secret` parameter.

## KV Version 2 distinctions
- Get-Secret only retrieves the newest secret
- Get-SecretInfo retrieves the Hashicorp Metadata.
- Set-Secret Adds/Updates without CheckAndSet. Althought it can be passed with `-Metadata @{cas=<versionNumber>}`
- Remove-Secret Completely Removes the secret and all versions

## TO DO
- Allow token updating
- Allow options for KV2 version retrieval


[GitHubSuper-Linter]: https://github.com/joshcorr/SecretManagement.Hashicorp.Vault.KV/workflows/ci/badge.svg
[GitHubSuper-LinterLink]: https://github.com/marketplace/actions/super-linter
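Review bot: The OutputType snippet reads `$VaultParameters @{ ...` with no `=`, so it is not valid PowerShell if copied; write `$VaultParameters = @{ ...` as the earlier example in this file does. The sentence above it is split into a fragment ("If you stored your secrets in a flat structure (i.e. no slashes in your path).") and should be joined to the following sentence with a comma. "Althought" in the KV Version 2 list is misspelled.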
@@ -1,5 +1,5 @@
@{
ModuleVersion = '1.0.1'
ModuleVersion = '1.0.2'
RootModule = 'SecretManagement.Hashicorp.Vault.KV.Extension.psm1'
FunctionsToExport = @('Set-Secret', 'Get-Secret', 'Remove-Secret', 'Get-SecretInfo', 'Test-SecretVault', 'Unregister-SecretVault')
}
Expand Up @@ -8,6 +8,7 @@ enum HashicorpVaultConfigValues {
VaultToken
VaultAPIVersion
KVVersion
OutputType
Verbose
}
enum HashicorpVaultAuthTypes {
Expand All @@ -23,6 +24,7 @@ class HashicorpVaultKV {
static [Securestring] $VaultToken
static [string] $VaultAPIVersion = 'v1'
static [string] $KVVersion = 'v2'
static [string] $OutputType = 'Hashtable'
static [bool] $Verbose
}
function Invoke-CustomWebRequest {
Expand Down Expand Up @@ -429,22 +431,48 @@ function Get-Secret {
$SecretData = Invoke-VaultAPIQuery -VaultName $VaultName -SecretName $Name
switch ([HashicorpVaultKV]::KVVersion) {
'v1' {
if ($SecretData.data.psobject.properties.Name -notcontains $SecretName) {
$Secret = $SecretData.data
$SecretObject = [PSCredential]::new($Name, ($Secret | ConvertTo-SecureString -AsPlainText -Force))
} else {
$Secret = $SecretData.data
$SecretObject = [PSCredential]::new($Name, ($Secret.$SecretName | ConvertTo-SecureString -AsPlainText -Force))
switch ([HashicorpVaultKV]::OutputType) {
'PSCredential' {
if ($SecretData.data.psobject.properties.Name -notcontains $SecretName) {
$Secret = $SecretData.data
$SecretObject = [PSCredential]::new($Name, ($Secret | ConvertTo-SecureString -AsPlainText -Force))
} else {
$Secret = $SecretData.data
$SecretObject = [PSCredential]::new($Name, ($Secret.$SecretName | ConvertTo-SecureString -AsPlainText -Force))
}
continue
}
'Hashtable' {
$Secret = $SecretData.data
$Hashtable = @{}
$Secret.psobject.properties | ForEach-Object { $Hashtable[$PSItem.name] = $PSItem.value }
$SecretObject = $Hashtable
continue
}
default { throw "$([HashicorpVaultKV]::OutputType) OutputType not supported" }
}
continue
}
'v2' {
if ($SecretData.data.data.psobject.properties.Name -notcontains $SecretName) {
$Secret = $SecretData.data.data
$SecretObject = [PSCredential]::new($Name, ($Secret | ConvertTo-SecureString -AsPlainText -Force))
} else {
$Secret = $SecretData.data.data
$SecretObject = [PSCredential]::new($Name, ($Secret.$SecretName | ConvertTo-SecureString -AsPlainText -Force))
switch ([HashicorpVaultKV]::OutputType) {
'PSCredential' {
if ($SecretData.data.data.psobject.properties.Name -notcontains $SecretName) {
$Secret = $SecretData.data.data
$SecretObject = [PSCredential]::new($Name, ($Secret | ConvertTo-SecureString -AsPlainText -Force))
} else {
$Secret = $SecretData.data.data
$SecretObject = [PSCredential]::new($Name, ($Secret.$SecretName | ConvertTo-SecureString -AsPlainText -Force))
}
continue
}
'Hashtable' {
$Secret = $SecretData.data.data
$Hashtable = @{}
$Secret.psobject.properties | ForEach-Object { $Hashtable[$PSItem.name] = $PSItem.value }
$SecretObject = $Hashtable
continue
}
default { throw "$([HashicorpVaultKV]::OutputType) OutputType not supported" }
}
continue
}
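Review bot: The 'v1' and 'v2' arms now each carry a full copy of the OutputType switch, differing only in `$SecretData.data` versus `$SecretData.data.data`, so every future output type or fix has to be made in two places. Consider selecting `$Secret` once from KVVersion and running a single OutputType switch after it. The `default { throw ... }` arm is also reached only after `Invoke-VaultAPIQuery` has fetched the secret; rejecting an unsupported OutputType before the query avoids reading secret data that will then be discarded.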
Expand Down Expand Up @@ -577,8 +605,13 @@ function Test-SecretVault {
}

if ($Null -eq [HashicorpVaultKV]::VaultToken) {
Write-Verbose "Retrieving a Token for authenticating to Vault"
Invoke-VaultToken
}
if ($Null -eq [HashicorpVaultKV]::OutputType) {
[HashicorpVaultKV]::OutputType = 'Hashtable'
Write-Verbose "Setting Default Output Type to Hashtable"
}

#The rest runs provided the top 4 items are correct
try {
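Review bot: The `$Null -eq [HashicorpVaultKV]::OutputType` test only covers an unset value, which the class initializer `static [string] $OutputType = 'Hashtable'` already handles; it does not catch an empty or misspelled OutputType, which then surfaces only as the throw inside Get-Secret. Since Test-SecretVault is where the other settings are checked, validate the value against the two supported names ('Hashtable', 'PSCredential') here and fail with the same "OutputType not supported" message.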
37 changes: 2 additions & 35 deletions src/SecretManagement.Hashicorp.Vault.KV.psd1
@@ -1,5 +1,5 @@
@{
ModuleVersion = '1.0.1'
ModuleVersion = '1.0.2'
CompatiblePSEditions = @('Desktop', 'Core')
GUID = '5dbf943d-d9c0-4db5-88a2-1995043a6305'
Author = 'Josh Corrick'
Expand All @@ -22,40 +22,7 @@
LicenseUri = 'https://raw.githubusercontent.com/joshcorr/SecretManagement.Hashicorp.Vault.KV/main/LICENSE'
ProjectUri = 'https://github.com/joshcorr/SecretManagement.Hashicorp.Vault.KV'
# IconUri = ''
ReleaseNotes = @'
v1.0.0
Update About, and remove Preview Tag
v0.0.10 - v0.0.11
Fix login logic bug
v0.0.9
Better Token Management; Retrieving Metadata
v0.0.8
Support Hashtable; Creating Metadata; Removing Vaults
v0.0.7
Create New Vault; Fix Test-SecretVault
v0.0.6
Required Secrets Version; Fix folder structure
v0.0.5
Version Bump
v0.0.4
More Github Actions changes
v0.0.3
Github Actions changes
v0.0.2
Fixes for SecretsManagement RC1
v0.0.1
Initial Preview Release
'@
ReleaseNotes = 'https://raw.githubusercontent.com/joshcorr/SecretManagement.Hashicorp.Vault.KV/main/CHANGELOG.md'
}
}
}
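Review bot: `ReleaseNotes` now points at the raw CHANGELOG.md on the `main` branch, so an installed 1.0.2 manifest will show whatever `main` contains at the time it is read rather than the notes for this version. Consider linking to a release tag instead of `main`, or keeping a one-line summary for the current version alongside the URL.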
Expand Up @@ -24,6 +24,12 @@ $VaultParameters = @{ VaultServer = 'https://vault-cluster.domain.local'
Register-SecretVault -ModuleName SecretManagement.Hashicorp.Vault.KV -Name PowerShellTest
-VaultParameters $VaultParameters

If you stored you secrets in a flat structure (i.e. no slashes in your path).
You may want to return all secrets as a PSCredential. You can do this by providing the following:
$VaultParameters @{ ...
OutputType = 'PSCredential'
}

KV Version 2 distinctions
- Get-Secret only retrieves the newest secret
- Get-SecretInfo retrieves the Hashicorp Metadata.
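Review bot: The help text copied from the README has drifted: "If you stored you secrets" should read "your secrets", and `$VaultParameters @{ ...` is missing the `=` that the registration example just above it uses. Fix both here so the about topic and the README stay identical.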
Expand All @@ -37,6 +43,8 @@ REGISTRATION PARAMETERS
VaultToken - The Vault Token you are using. This must be input as ConvertFrom-SecureString output.
VaultAPIVersion - Defaults to v1
KVVersion - Defaults to v2
OutputType - Defaults to Hashtable
Verbose - Supported by SecretManagement

SUPPORTED AUTHENTICATION TYPES
Hashicorp supports multiple ways of authenticating to retrieve a token.
Expand All @@ -46,6 +54,14 @@ SUPPORTED AUTHENTICATION TYPES
UserPass
Token

SUPPORTED OUTPUT TYPES
This extension currently supports to major output types:
Hashtable (default)
PSCredential

By default SecretManagement turns any plaintext password field into a SecureString.
Use -AsPlainText switch to return the hashtable in plaintext.


KEYWORDS
SecretManagement HashiCorp Secret Vault
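Review bot: In the SUPPORTED OUTPUT TYPES section, "currently supports to major output types" should read "two major output types". The closing sentence about `-AsPlainText` mentions only the hashtable; say whether the switch has any effect when OutputType is PSCredential so the two modes are documented equally.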