Public/Remove-BuildSecrets.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
function Remove-BuildSecrets {
    <#
.SYNOPSIS
    Removes all variables of the specified key vault from the current environment
.DESCRIPTION
        Removes all variables of the specified key vault from the current environment. The user has to login to azure first using "az login"

    Important: The - character will automatically be replaced with the _ character.
.PARAMETER KeyVaultName
    The name of the key vault containing the environment
.PARAMETER SubscriptionID
        Allows the user to specify a subscription id if required. if not specified, the default subscription will be used.
#>


    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true, Position = 1)]
        [String[]]$KeyVaultName,
        [Parameter(Mandatory = $false)]
        [String]$SubscriptionID
    )

    # Select the appropriate subscription
    if ($SubscriptionID) {
        Invoke-Azcli -ArgumentList "account set -s $SubscriptionID"
    }

    $Results = Invoke-Azcli -ArgumentList "account show"

    if ($Results.state -ne 'Enabled') {
        throw "You must login and select a subscription"   
    }
    # Get all secrets from specified vault's
    $Secrets = @()
    
    foreach ($Name in $KeyVaultName) { 

        $Results = Invoke-Azcli -ArgumentList "keyvault show --name $Name"
        
        if ($Results.name -ne $Name) {
            throw "Key vault [$name] does not exists."
        }

        Write-Verbose "Removing Secrets from Vault [$Name]"       

        $Results = Invoke-Azcli -ArgumentList "keyvault secret list --vault-name $Name"

        if ($Results.Count -lt 1) {
            Write-Verbose "No secrets found in vault [$Name]"
        }

        $Results = Invoke-Azcli -ArgumentList "keyvault secret list --vault-name $Name"
        
        $Secrets = @()

        foreach ($Result in $Results) {
            $Secrets += Split-Path $Result.id -Leaf
        }       
        
        foreach ($Secret in $Secrets) {  

            # Replace - with _
            $Secret = $($Secret.Replace('-','_'))

            $var = Get-Item -Path Env:$Secret -ErrorAction SilentlyContinue
            
            if ($var) {
                # Set Environment Variable
                Remove-Item -Path Env:$Secret
                Write-Verbose "Getting secret [$Secret]"
            } else {
                Write-Output "Could not find secret [$Secret] in current environment"
            }
 
        }

        # Remove vault from list of loaded vaults
        if ($Script:Vaults -contains $Name) {
            $Script:Vaults.Remove($Name)
        }
        
    
    }

}