Public/Set-BuildSecrets.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
function Set-BuildSecrets {
    <#
    .SYNOPSIS
        Sets all secrets stored in a specific key vault as environment variables.
    .DESCRIPTION
        Sets all secrets stored in a specific key vault as environment variables. The user has to login to azure first using "az login"

        Important: The - character will automatically be replaced with the _ character.
    .PARAMETER KeyVaultName
        The name of the key vault containing the environment
    .PARAMETER SubscriptionID
            Allows the user to specify a subscription id if required. if not specified, the default subscription will be used.
    .EXAMPLE
        Set-BuildEnvironment -KeyVaultName "MyVault" -ResourceGroupName "MyResourceGroup"
    #>
    
    
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)]
        [String[]]$KeyVaultName,
        [Parameter(Mandatory = $false)]
        [String]$SubscriptionID
    )           

    # Select the appropriate subscription
    if ($SubscriptionID) {
        Invoke-Azcli -Arguments "account set -s $SubscriptionID"
    }

    $Results = Invoke-Azcli -Arguments "account show"

    if ($Results.state -ne 'Enabled') {
        throw "You must login and select a subscription"   
    }

    # Get all secrets from specified vault's
    foreach ($Name in $KeyVaultName) {

        $Results = Invoke-Azcli -Arguments "keyvault show --name $Name"

        if ($Results.name -ne $Name) {
            throw "Key vault [$name] does not exists."
        }

        Write-Verbose "Adding Secrets from Vault [$Name]"       

        $Results = Invoke-Azcli -Arguments "keyvault secret list --vault-name $Name"

        if ($Results.Count -lt 1) {
            Write-Verbose "No secrets found in vault [$Name]"
        }

        $Results = Invoke-Azcli -Arguments "keyvault secret list --vault-name $Name"
        
        $Secrets = @()

        foreach ($Result in $Results) {
            $Secrets += Split-Path $Result.id -Leaf
        }       
        
        foreach ($Secret in $Secrets) {  
                    
            # We get the secret from azure key vault
            $SecretValue = Invoke-Azcli -Arguments "keyvault secret show --name $Secret --vault-name $Name" | Select-Object -ExpandProperty 'value'

            # Replace - with _
            $Secret = $($Secret.Replace('-','_'))

            # Set Environment Variable
            New-Item -Path Env:$Secret -Value $SecretValue -Force | Out-Null            

            Write-Verbose "Secret [$($Secret.Replace('-','_'))] added to environment"
        }        
        
    } 

}