Private/Authentication/Get-KeyvaultSecret.ps1

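function Get-KeyvaultSecret() {
    <#
    .SYNOPSIS
        Returns the plain-text value of a named secret from the configured Azure Key Vault.

    .DESCRIPTION
        Makes sure the current Az context belongs to $script:Config.PartnerTenantId and
        connects if it does not: with the certificate in Cert:\LocalMachine\My whose
        thumbprint equals $script:Config.CertificateThumbprint when one is found,
        otherwise with an interactive sign-in. The secret is then read from the vault
        named in $script:Config.KeyVaultName.

        Connection and retrieval failures are logged through Write-ModuleLog and are not
        re-thrown, so the function returns $null when the secret could not be retrieved.
        Callers must check the result before using it.

    .PARAMETER SecretName
        Name of the Key Vault secret to read.

    .OUTPUTS
        System.String. The secret value in clear text, or $null on failure.

    .NOTES
        The return value is a clear-text credential (-AsPlainText). Keep it out of logs,
        transcripts, verbose/debug output and error messages, and hold it in memory no
        longer than needed.
    #>
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)]
        [string]$SecretName
    )

    begin {
        # Initialise explicitly. An unassigned $SecretValue would be resolved through
        # PowerShell's dynamic scoping, so after a failed lookup the function could return
        # a same-named variable from a caller's scope instead of $null.
        $SecretValue = $null

        # Connect only when there is no context or the context is for another tenant.
        $AzContext = Get-AzContext
        if (!$AzContext -or $AzContext.Tenant.Id -ne $script:Config.PartnerTenantId) {
            try {
                # Prefer the service principal certificate from the machine store.
                $Certificate = Get-ChildItem -Path Cert:\LocalMachine\My |
                    Where-Object { $_.Thumbprint -eq $script:Config.CertificateThumbprint }

                if ($Certificate) {
                    Write-Verbose "Using certificate authentication for Azure Key Vault access"
                    $ConnectParams = @{
                        ApplicationId         = $script:Config.ApplicationId
                        CertificateThumbprint = $Certificate.Thumbprint
                        Tenant                = $script:Config.PartnerTenantId
                        SubscriptionName      = $script:Config.SubscriptionName
                        # Az cmdlets report most failures as non-terminating errors;
                        # without Stop the catch block below would never run.
                        ErrorAction           = 'Stop'
                    }
                    Connect-AzAccount @ConnectParams | Out-Null
                }
                else {
                    # NOTE(review): a missing certificate silently changes the identity from
                    # the service principal to whoever signs in interactively, and an
                    # unattended run has nobody to answer the prompt. Confirm this fallback
                    # is intended outside of developer workstations.
                    Write-Verbose "Using interactive authentication for Azure Key Vault access"
                    $ConnectParams = @{
                        Tenant           = $script:Config.PartnerTenantId
                        SubscriptionName = $script:Config.SubscriptionName
                        ErrorAction      = 'Stop'
                    }
                    Connect-AzAccount @ConnectParams | Out-Null
                }
            }
            catch {
                # Best effort: log and continue. The retrieval in the process block will
                # then fail and be logged as well, and the function returns $null.
                Write-ModuleLog -Message "Failed to connect to Azure" -Level Error -Component 'AzureConnection' -ErrorRecord $_
            }
        }
    }
    process {
        try {
            # -ErrorAction Stop turns an access-denied or vault-not-found error into a
            # terminating one so that it reaches the catch block and is logged.
            $SecretValue = Get-AzKeyVaultSecret -VaultName $script:Config.KeyVaultName `
                -Name $SecretName `
                -AsPlainText `
                -WarningAction SilentlyContinue `
                -ErrorAction Stop
        }
        catch {
            # Only the secret's name is logged, never its value.
            Write-ModuleLog -Message "Failed to retrieve secret '$SecretName' from Key Vault" -Level Error -Component 'CredentialRetrieval' -ErrorRecord $_
        }
    }
    end {
        return $SecretValue
    }
}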