PowerCraft.Secrets

1.0.0

Public/Get-PCSecret.ps1

                                function Get-PCSecret {

    <#

    .SYNOPSIS

        Retrieves a secret by service name.

    .DESCRIPTION

        Returns the API key for a service. Resolution order:

        1. Environment variable (highest priority)

        2. ~/.powercraft/secrets.json

    .PARAMETER Name

        Service name (e.g., 'openai', 'anthropic', 'brave-search').

    .PARAMETER Property

        Specific property to retrieve. Defaults to 'apiKey'.

    .PARAMETER AsHashtable

        Return the full secret entry as a hashtable instead of a single value.

    .PARAMETER Required

        Throw an error if the secret is not found.

    .OUTPUTS

        [string] The secret value, or [hashtable] if -AsHashtable.

    .EXAMPLE

        Get-PCSecret -Name 'openai'

        # Returns: "sk-..."

    .EXAMPLE

        Get-PCSecret -Name 'openai' -AsHashtable

        # Returns: @{ apiKey = "sk-..."; envVar = "OPENAI_API_KEY" }

    .EXAMPLE

        Get-PCSecret -Name 'openai' -Required

        # Throws if not configured

    #>

    [CmdletBinding()]

    [OutputType([string], [hashtable])]

    param(

        [Parameter(Mandatory, Position = 0)]

        [string]$Name,

        [Parameter()]

        [string]$Property = 'apiKey',

        [Parameter()]

        [switch]$AsHashtable,

        [Parameter()]

        [switch]$Required

    )

    # Check environment variable first

    $envVarName = Resolve-PCEnvVarName -Name $Name -SecretEntry $null

    $envValue = $null

    if (Test-Path "env:$envVarName") {

        $envValue = (Get-Item "env:$envVarName").Value

        Write-Verbose "Found $Name via environment variable $envVarName"

    }

    # Load from secrets file

    $secrets = Read-PCSecretsFile

    $entry = $secrets[$Name]

    # If we have an env value, resolve the proper envVar name using the entry

    if ($entry) {

        $envVarName = Resolve-PCEnvVarName -Name $Name -SecretEntry $entry

        if (-not $envValue -and (Test-Path "env:$envVarName")) {

            $envValue = (Get-Item "env:$envVarName").Value

            Write-Verbose "Found $Name via environment variable $envVarName"

        }

    }

    # Return full entry if requested

    if ($AsHashtable) {

        if ($entry) {

            # Overlay env value if present

            if ($envValue) { $entry[$Property] = $envValue }

            return $entry

        }

        elseif ($envValue) {

            return @{ $Property = $envValue }

        }

        elseif ($Required) {

            throw "Required secret not found: $Name. Run Set-PCSecret -Name '$Name' -ApiKey '<your-key>' or set `$env:$envVarName."

        }

        return $null

    }

    # Return single property

    $value = $envValue

    if (-not $value -and $entry) {

        $value = $entry[$Property]

    }

    if ($Required -and -not $value) {

        throw "Required secret not found: $Name.$Property. Run Set-PCSecret -Name '$Name' -ApiKey '<your-key>' or set `$env:$envVarName."

    }

    return $value

}