functions/secrets/New-SecretVault.ps1

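function New-SecretVault {
<#
.SYNOPSIS
Ensures that a named SecretManagement vault is registered and optionally configures it for automation scenarios.

.DESCRIPTION
Checks whether a given vault (or the default vault named 'MyDefaultVault') is registered with SecretManagement.
If no vaults are registered, or the specified vault does not exist, it registers the vault using the SecretStore module.
A vault registered by this function is registered with -DefaultVault, so it becomes the SecretManagement default vault even when other vaults are already registered.

Optionally, the SecretStore can be configured for non-interactive automation scenarios by disabling authentication and interaction prompts.

.PARAMETER Vault
The name of the vault to check or create. If not specified, 'MyDefaultVault' is used.

.PARAMETER EnableAutomationMode
If specified, configures the SecretStore to use no authentication and disables all interactive prompts. Useful for automation or CI/CD environments.
With authentication set to None the store is no longer protected by a password; its contents are then protected only by the owning account's file-system permissions, so any process running as that account can read the secrets.
The setting is applied to the SecretStore configuration for the chosen scope, not to the named vault alone, so it also affects any other vault registered against Microsoft.PowerShell.SecretStore.

.PARAMETER Scope
Specifies the SecretStore configuration scope. Valid values are 'CurrentUser' and 'AllUsers'. Defaults to 'CurrentUser'.
The value is only used together with -EnableAutomationMode.

.OUTPUTS
System.String. The name of the vault that is now available.

.EXAMPLE
New-SecretVault

Ensures that 'MyDefaultVault' is registered and available.

.EXAMPLE
New-SecretVault -Vault 'MyAppVault' -EnableAutomationMode -Scope AllUsers

Registers 'MyAppVault' and configures SecretStore for non-interactive automation use at the AllUsers scope.

.NOTES
Requires the Microsoft.PowerShell.SecretManagement and Microsoft.PowerShell.SecretStore modules.
Throws if the vault cannot be registered or if the SecretStore configuration cannot be applied.
NOTE(review): confirm that the installed SecretStore version accepts -Scope AllUsers; some releases document only CurrentUser as supported.
NOTE(review): if the store already has a password, switching to -Authentication None presumably needs that password, which cannot be prompted for once interaction is disabled - verify on the target host.
#>

    [CmdletBinding()]
    param (
        [Parameter(ValueFromPipelineByPropertyName = $true)]
        [Alias('VaultName')]
        [string] $Vault = 'MyDefaultVault',

        [switch] $EnableAutomationMode,

        [ValidateSet('CurrentUser', 'AllUsers')]
        [string] $Scope = 'CurrentUser'
    )

    # Errors from the lookup are suppressed; an empty result is treated as "no vaults registered".
    $existingVaults = Get-SecretVault -ErrorAction SilentlyContinue

    $noVaultsRegistered = -not $existingVaults
    if ($noVaultsRegistered -or ($existingVaults.Name -notcontains $Vault)) {
        if ($noVaultsRegistered) {
            Write-Verbose "No vaults are registered. Registering default vault '$Vault'."
            $failurePrefix = "Failed to register default vault '$Vault'"
        }
        else {
            Write-Verbose "Vault '$Vault' is not registered. Registering it now."
            $failurePrefix = "Failed to register vault '$Vault'"
        }

        try {
            # -DefaultVault is passed in both cases, so the new vault replaces any existing default.
            Register-SecretVault -Name $Vault -ModuleName Microsoft.PowerShell.SecretStore -DefaultVault -ErrorAction Stop
        } catch {
            throw "${failurePrefix}: $_"
        }
    }

    if ($EnableAutomationMode) {
        Write-Verbose "Enabling automation-friendly configuration (no authentication, no interaction)."
        # Removing password protection is a security downgrade; make it visible in logs without requiring -Verbose.
        Write-Warning "SecretStore password authentication is being disabled for scope '$Scope'; secrets will be protected only by the account's file-system permissions."
        try {
            # -ErrorAction Stop so that a failed configuration change is not silently followed by a normal return.
            Set-SecretStoreConfiguration -Authentication None -Interaction None -Scope $Scope -Confirm:$false -ErrorAction Stop
        } catch {
            throw "Failed to configure SecretStore for automation (scope '$Scope'): $_"
        }
    }

    return $Vault
}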