SecretManagement.DevolutionsHub.Extension/public/Get-Secret.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
using namespace Microsoft.PowerShell.SecretManagement
using namespace Devolutions.Hub.PowerShell

function Get-Secret {
    [CmdletBinding()]
    param(
        [string] $Name,
        [string] $VaultName,
        [hashtable] $AdditionalParameters
    )

    $verboseEnabled = $AdditionalParameters.ContainsKey('Verbose') -and ($AdditionalParameters['Verbose'] -eq $true)
    Write-Verbose "Get-Secret Vault: $VaultName" -Verbose:$verboseEnabled

    $hubParameters = (Get-SecretVault -Name $VaultName).VaultParameters
    try {
        Connect-DevolutionsHub($VaultName, $hubParameters);

        $vaultId = $hubParameters.VaultId;
        Write-Verbose "Parsing VaultId" -Verbose:$verboseEnabled
        try {
            $vaultId = [System.Guid]::Parse($Vault)
            Write-Verbose "$vaultId" -Verbose:$verboseEnabled
        }
        catch {
            Write-Verbose "VaultId is not a valid GUID. Looking for Vault with name: $Vault" -Verbose:$verboseEnabled

            foreach ($hubVault in Get-HubVault) {
                if ($hubVault.Name -eq $vaultId) {
                    $vaultId = $hubVault.Id
                    $vaultFound = $true
                    break;
                }
            }

            if (-not $vaultFound) {
                throw [System.Exception] "Vault $($vauldId) not found."
            }
        }

        Write-Verbose $Name -Verbose:$verboseEnabled

        $foundEntry = $null;
        Write-Verbose "Parsing entry name" -Verbose:$verboseEnabled
        try {
            $entryId = [System.Guid]::Parse($Name)
            $foundEntry = Get-HubEntry -VaultId $vaultId -EntryId $entryId
        }
        catch {
            $parsedName = $Name -split '\\'
            $entryName = $parsedName[$parsedName.Length - 1];
            if ($parsedName.Length -ge 2) {
                $group = $parsedName[0 .. ($parsedName.Length - 2)] | Join-String -Separator '\'
            }
            else {
                $group = ""
            }

            Write-Verbose "Looking for $($entryName) in $($group)" -Verbose:$verboseEnabled
            foreach ($entry in (Get-HubEntry -VaultId $vaultId)) {
                if ($entry.Connection.Group -eq $group -and $entry.Connection.Name -eq $entryName) {
                    $foundEntry = $entry;
                    Write-Verbose "Entry $Name was found" -Verbose:$verboseEnabled
                    break;
                }
            }
        }  

        if (-not $foundEntry) {
            Write-Verbose "No entry found" -Verbose:$verboseEnabled
            throw "Entry Not found"
        }
        else {
            if ($foundEntry.Connection.ConnectionType -ne "Credential") {
                Write-Verbose "Entry of type $($foundEntry.Connection.ConnectionType) was found" -Verbose:$verboseEnabled
                return [PSCredential]::Empty
            }

            if (($foundEntry.Connection.Credentials.UserName -eq "") -and ($foundEntry.Connection.Credentials.Password -eq "")) {
                Write-Verbose "Generating empty credentials" -Verbose:$verboseEnabled
                return [PSCredential]::Empty
            }

            $username = $foundEntry.Connection.Credentials.UserName
            if ($foundEntry.Connection.Credentials.Password -eq "") {
                Write-Verbose "Generating credentials with empty password" -Verbose:$verboseEnabled
                $securePassword = (new-object System.Security.SecureString)
            }
            else {
                $securePassword = ConvertTo-SecureString -String $foundEntry.Connection.Credentials.Password -AsPlainText
            }

            return New-Object PSCredential -ArgumentList ([pscustomobject] @{ UserName = $username; Password = $securePassword[0] }) 
        }
    }
    catch {
        Write-Error $_.Exception.Message
    }
    finally {
        Disconnect-DevolutionsHub($hubParameters);
    }
}