SecretManagement.1Password

0.0.2.0

SecretManagement.1Password.Extension/SecretManagement.1Password.Extension.psm1

                                using namespace Microsoft.PowerShell.SecretManagement

function Test-SecretVault {

    [CmdletBinding()]

    param (

        [Parameter(ValueFromPipelineByPropertyName, Mandatory)]

        [string]$VaultName,

        [Parameter(ValueFromPipelineByPropertyName)]

        [hashtable]$AdditionalParameters = (Get-SecretVault -Name $vaultName).VaultParameters

    )

    $VaultParameters = $AdditionalParameters

    $accountName = $VaultParameters.AccountName

    $emailAddress = $VaultParameters.EmailAddress

    $secretKey = $VaultParameters.SecretKey

    Write-Verbose "SecretManagement: Testing Vault ${VaultName} for Account ${accountName}"

    if (-not $VaultName) { throw '1Password: You must specify a Vault Name to test' }

    if (-not $VaultParameters.AccountName) { throw '1Password: You must specify a 1Password Account to test' }

    if (-not $VaultParameters.EmailAddress) { throw '1Password: You must specify an Email for your 1Password Account to test' }

    if (-not $VaultParameters.SecretKey) { throw '1Password: You must specify an SecretKey for your 1Password Account to test' }

    Write-Verbose "Test listing vaults"

    $vaults = & op list vaults 2>$null | ConvertFrom-Json

    if ($null -eq $vaults) {

        if ( $null -eq [System.Environment]::GetEnvironmentVariable("OP_SESSION_$accountName") ) {

            Write-Verbose "Attemp login with shorthand and grab session token"

            $token = & op signin $accountName --raw

            if ( $null -eq $token ) {

                Write-Verbose "Attemp login with all parameters"

                $token = & op signin $accountName $emailAddress $secretKey -raw

            }

        }

        else {

            Write-Verbose "Attemp login with shorthand and grab session token"

            & op signin $accountName

        }

        Write-Verbose "Cache session token to [OP_SESSION_$accountName] - $token"

        [System.Environment]::SetEnvironmentVariable("OP_SESSION_$accountName", $token)

        Write-Verbose "Test listing vaults final"

        $vaults = & op list vaults 2>$null | ConvertFrom-Json

    }

    $Vaults.name -contains $VaultName

}

function Get-SecretInfo {

    [CmdletBinding()]

    param (

        [Parameter(ValueFromPipelineByPropertyName, Mandatory)]

        [string]$VaultName,

        [Parameter()]

        [string]$Filter,

        [Parameter()]

        [hashtable] $AdditionalParameters

    )

    # Password category isn't supported for some reason

    $items = & op list items --categories Login --vault $VaultName | ConvertFrom-Json

    foreach ($item in $items) {

        $type = switch ($item.templateUuid) {

            '001' { [SecretType]::PSCredential }

            '005' { [SecretType]::SecureString }

            Default { [SecretType]::Unknown }

        }

        [SecretInformation]::new(

            $item.overview.title,

            $type,

            $VaultName

        )

    }

}

function Get-Secret {

    [CmdletBinding()]

    param (

        [Parameter()]

        [string]$Name,

        [Parameter()]

        [string]$Filter,

        [Parameter()]

        [string]$VaultName,

        [Parameter()]

        [hashtable] $AdditionalParameters

    )

    $item = & op get item $Name --fields username,password --vault $VaultName 2>$null | ConvertFrom-Json

    [securestring]$secureStringPassword = ConvertTo-SecureString $item.password -AsPlainText -Force

    if ([string]::IsNullOrEmpty($item.username)) {

        $secureStringPassword

    }

    else {

        [PSCredential]::new(

            $item.username,

            $secureStringPassword

        )

    }

}

function Set-Secret {

    [CmdletBinding()]

    param (

        [Parameter()]

        [string]$Name,

        [Parameter()]

        [object]$Secret,

        [Parameter()]

        [string]$VaultName,

        [Parameter()]

        [hashtable] $AdditionalParameters

    )

    $item = & op get item $Name --fields title --vault $VaultName 2>$null

    $date = @{}

    switch ($Secret.GetType().Name) {

        'string' { Write-Warning "String input is not yet implemented" }

        'securestring' { Write-Warning "SecureString input is not yet implemented" }

        'PSCredential' {

            $data =  op get template login | ConvertFrom-Json -AsHashtable

            $data.fields | ForEach-Object {

                if ($_.name -eq 'username') {$_.value = $Secret.UserName}

                if ($_.name -eq 'password') {$_.value = $Secret.GetNetworkCredential().password}

            }

            $endcodedData = $data | ConvertTo-Json | op encode

            $category = "Login"

         }

        Default {}

    }

    if ($null -eq $item) {

        & op create item $category $endcodedData title=$Name --vault $VaultName

    } else {

        & op edit item $item username=$($Secret.UserName) password=$($Secret.GetNetworkCredential().password) --vault $VaultName

    }

    return $?

}

function Remove-Secret {

    [CmdletBinding()]

    param (

        [Parameter()]

        [string]$Name,

        [Parameter()]

        [string]$VaultName,

        [Parameter()]

        [hashtable] $AdditionalParameters

    )

    Write-Warning "Not implemented"

    return $false

}