Public/Get-BuildSecrets.ps1

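function Get-BuildSecrets {
    <#
    .SYNOPSIS
        Gets all secrets currently set in the environment
    .DESCRIPTION
        Lists the secrets of one or more Azure Key Vaults and reports, for each one, whether an
        environment variable of the same name exists in the current session. The user has to
        login to azure first using "az login".

        Important: The - character in a secret name will automatically be replaced with the _
        character when it is looked up as an environment variable. Names that are present in the
        environment are written to the output stream; names that are missing are reported on the
        warning stream so they do not mix with the returned data.
    .PARAMETER KeyVaultName
        The name(s) of the key vault(s) containing the environment. Each vault is checked with
        "az keyvault show" before its secrets are listed.
    .PARAMETER SecretName
        Optional filter; only secrets whose id contains this value are returned. Underscores are
        converted to dashes first so that an environment variable name can be used as the filter.
    .PARAMETER ShowValue
        If specified the secret value will be written to the console. Be aware that this places
        secret material into the console output (and any transcript of it).
    .PARAMETER SubscriptionID
        Allows the user to specify a subscription id if required. If not specified, the default
        subscription will be used.
    .OUTPUTS
        System.String (the environment variable name) or, with -ShowValue, the object returned by
        Get-Item for the Env: entry (name and value).
    #>
    [CmdletBinding()]
    param (
        # Vault and secret names are interpolated into the az command line, so restrict them to
        # the character set Key Vault itself accepts (alphanumerics and '-'). '_' is additionally
        # allowed in SecretName because it is translated to '-' before use.
        [Parameter(Mandatory = $true, Position = 1)]
        [ValidatePattern('^[A-Za-z0-9-]+$')]
        [String[]]$KeyVaultName,
        [Parameter(Mandatory = $false)]
        [ValidatePattern('^[A-Za-z0-9_-]*$')]
        [String]$SecretName,
        [Parameter(Mandatory = $false)]
        [Alias('s')]
        [Switch]$ShowValue,
        [Parameter(Mandatory = $false)]
        [String]$SubscriptionID
    )

    # Select the appropriate subscription
    if ($SubscriptionID) {
        Invoke-Azcli -ArgumentList "account set -s $SubscriptionID"
    }

    $Account = Invoke-Azcli -ArgumentList "account show"

    if ($Account.state -ne 'Enabled') {
        throw "You must login and select a subscription"
    }

    foreach ($Name in $KeyVaultName) {
        $Vault = Invoke-Azcli -ArgumentList "keyvault show --name $Name"

        if ($Vault.name -ne $Name) {
            throw "Key vault [$Name] does not exists."
        }

        Write-Verbose "Getting Secrets from Vault [$Name]"

        $QueryString = "keyvault secret list --vault-name $Name"

        if ($SecretName) {
            # We replace all underscores with a dash... just in case somebody wants to reference
            # the variable name rather than the secret name...
            # The backticks are literal here (single-quoted string) and form the JMESPath literal.
            $QueryString += ' --query "[?contains(id, `{0}`)]"' -f $SecretName.Replace('_', '-')
        }

        $Results = Invoke-Azcli -ArgumentList $QueryString

        if ($Results.Count -lt 1) {
            Write-Verbose "No secrets found in vault [$Name]"
            continue
        }

        # The secret name is the last segment of the secret id; collect via foreach assignment
        # instead of repeated array concatenation.
        $Secrets = foreach ($Result in $Results) {
            Split-Path $Result.id -Leaf
        }

        foreach ($Secret in $Secrets) {
            # Replace - with _ so the name can be used as an environment variable name
            $EnvName = $Secret.Replace('-', '_')

            $var = Get-Item -Path Env:$EnvName -ErrorAction SilentlyContinue

            if (-not $var) {
                # Diagnostic, not data: keep it off the output stream
                Write-Warning "Could not find secret [$EnvName] in current environment"
                continue
            }

            if ($ShowValue) {
                # Emit the Env: entry itself (name and value); the value is secret material
                $var
            } else {
                Write-Output $EnvName
            }
        }
    }
}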