Public/Proxy/Set-AzKeyVaultSecret.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
function Set-AzKeyVaultSecret {
    <#
    .PARAMETER Auto
    This will allow you to save other object types as a secret. ('PSCredential', 'String', 'Hashtable', 'PSCustomObject', 'SecureString')
 
    .EXAMPLE
    Set-AzKeyVaultSecret -Auto -Name 'Secret' -SecretValue @{ server = 'server.domain.com'; credentials = $Credentials }
 
    .NOTES
    General notes
    #>

    <#
 
    .ForwardHelpTargetName Az.Keyvault\Set-AzKeyVaultSecret
    .ForwardHelpCategory Cmdlet
 
    #>

    [CmdletBinding(DefaultParameterSetName='Default', SupportsShouldProcess=$true, ConfirmImpact='Medium')]
    param(
        [Parameter(ParameterSetName='Default', Position=0, HelpMessage='Vault name. Cmdlet constructs the FQDN of a vault based on the name and currently selected environment.')]
        [ValidateNotNullOrEmpty()]
        [string]
        ${VaultName},

        [Parameter(ParameterSetName='Default', Mandatory=$true, Position=1, HelpMessage='Secret name. Cmdlet constructs the FQDN of a secret from vault name, currently selected environment and secret name.')]
        [Alias('SecretName')]
        [ValidateNotNullOrEmpty()]
        [string]
        ${Name},

        [Parameter(Mandatory=$true, Position=2, HelpMessage='Secret value')]
        ${SecretValue},

        [Parameter(HelpMessage='A hashtable representing secret tags.')]
        [Alias('Tags')]
        [hashtable]
        ${Tag},

        [Parameter(HelpMessage='Secret''s content type.')]
        [string]
        ${ContentType},

        [Parameter(ParameterSetName='InputObject', Mandatory=$true, Position=0, ValueFromPipeline=$true, HelpMessage='Secret object')]
        [ValidateNotNullOrEmpty()]
        [Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultSecretIdentityItem]
        ${InputObject},

        [Parameter(HelpMessage='Set secret in disabled state if present. If not specified, the secret is enabled.')]
        [switch]
        ${Disable},

        [Parameter(HelpMessage='The expiration time of a secret in UTC time. If not specified, the secret will not expire.')]
        [System.Nullable[datetime]]
        ${Expires},

        [Parameter(HelpMessage='The UTC time before which secret can''t be used. If not specified, there is no limitation.')]
        [System.Nullable[datetime]]
        ${NotBefore},

        [Parameter(HelpMessage='The credentials, account, tenant, and subscription used for communication with Azure.')]
        [Alias('AzContext','AzureRmContext','AzureCredential')]
        [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]
        ${DefaultProfile},

        [Parameter(HelpMessage='Used to allows the saving of more then string data.')]
        [switch]
        ${Auto}
    )

    begin
    {
        try {
            $outBuffer = $null
            if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer))
            {
                $PSBoundParameters['OutBuffer'] = 1
            }
            $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand('Az.Keyvault\Set-AzKeyVaultSecret', [System.Management.Automation.CommandTypes]::Cmdlet)

            if($PSBoundParameters['Auto']) {
                $null = $PSBoundParameters.Remove('Auto')

                if (!$PSBoundParameters.VaultName) { $PSBoundParameters.VaultName = $Script:KeyVault.VaultName }

                $SupportedTypes = @('PSCredential', 'String', 'Hashtable', 'PSCustomObject', 'SecureString')
                if ($SupportedTypes -notcontains $PSBoundParameters.SecretValue.getType().Name) {
                    $Message = @()
                    $Message += "$($PSBoundParameters.SecretValue.getType().Name), is not a supported object type."
                    $Message += "Supported types: $($SupportedTypes -join ', ')"
                    return Write-Error $($Message | Out-String)
                }

                if (!$PSBoundParameters.Tag) { $PSBoundParameters.Tag = @{} }
                if ($PSBoundParameters.SecretValue.getType().Name -eq 'SecureString'){}
                elseif ($PSBoundParameters.SecretValue.getType().Name -eq 'PSCredential') {
                    $PSBoundParameters.ContentType = 'PSCredential'
                    $PSBoundParameters.Tag['UserName'] = $PSBoundParameters.SecretValue.UserName
                    $PSBoundParameters.SecretValue = $PSBoundParameters.SecretValue.Password
                }
                elseif ($PSBoundParameters.SecretValue.getType().Name -eq 'String') {
                    $PSBoundParameters.ContentType = 'String'
                    $PSBoundParameters.SecretValue = ConvertTo-SecureString $SecretValue -AsPlainText -Force
                }
                else {
                    $PSBoundParameters.ContentType = 'JSON'

                    $PSBoundParameters.SecretValue = _CloneObject $PSBoundParameters.SecretValue

                    # replace PSCreds with nested secrets
                    $Replaced = _CheckForCreds -VaultName $PSBoundParameters.VaultName -SecretName $PSBoundParameters.Name -SecretValue $PSBoundParameters.SecretValue
                    if ($Replaced) {
                        foreach($Key in $Replaced){
                            $PSBoundParameters.Tag[$Key] = 'PSCred'
                        }
                    }

                    $PSBoundParameters.SecretValue = $PSBoundParameters.SecretValue | ConvertTo-Json
                    $PSBoundParameters.SecretValue = ConvertTo-SecureString $PSBoundParameters.SecretValue -AsPlainText -Force
                }
            }

            $scriptCmd = { & $wrappedCmd @PSBoundParameters }
            $steppablePipeline = $scriptCmd.GetSteppablePipeline($myInvocation.CommandOrigin)
            $steppablePipeline.Begin($PSCmdlet)
        } catch {
            throw
        }
    }

    process
    {
        try {
            $steppablePipeline.Process($_)
        } catch {
            throw
        }
    }

    end
    {
        try {
            $steppablePipeline.End()
        } catch {
            throw
        }
    }
}