SecretManagement.DevolutionsServer

2022.3.2.0

SecretManagement.DevolutionsServer.Extension/public/Get-Secret.ps1

                                using namespace Microsoft.PowerShell.SecretManagement

using namespace Devolutions.Server

function Get-Secret {

    [CmdletBinding()]

    param(

        [string] $Name,

        [string] $VaultName,

        [hashtable] $AdditionalParameters

    )

    $AsPlainText = $AdditionalParameters.ContainsKey('AsPlainText') -and ($AdditionalParameters['AsPlainText'] -eq $true)

    $verboseEnabled = $AdditionalParameters.ContainsKey('Verbose') -and ($AdditionalParameters['Verbose'] -eq $true)

    Write-Verbose "Get-SecretInfo Vault: $VaultName" -Verbose:$verboseEnabled

    try {

        $dsParameters = (Get-SecretVault -Name $VaultName).VaultParameters

        Connect-DevolutionsServer -VaultName $VaultName -DSParameters $dsParameters

        Write-Verbose $Global:DSSessionToken -Verbose:$verboseEnabled

        $vaultId = Get-VaultId($dsParameters) 

        if (-not $vaultId) {

            throw [System.Exception] "Vault $($vaultId) not found."

        }

        $foundEntry = Get-Entry($Name)

        if (-not $foundEntry) {

            Write-Verbose "No entry found." -Verbose:$verboseEnabled

            throw "Entry Not found."

        }

        else {

            if ($foundEntry.connectionType -ne 26) {

                Write-Verbose "Entry of type $($foundEntry.connectionType) was found." -Verbose:$verboseEnabled

                return [PSCredential]::Empty

            }

            Write-Verbose "Retrieving data..." -Verbose:$verboseEnabled

            $endtryData = (ConvertFrom-Json (Get-DSEntry -EntryId $foundEntry.id).originalResponse.Content).data

            Write-Verbose "Retrieving sensitive..." -Verbose:$verboseEnabled

            $entrySensitive = Get-DSEntrySensitiveData $foundEntry.id

            $username = $entrySensitive.Body.data.credentials.userName

            $password = $entrySensitive.Body.data.credentials.password

            if (($endtryData.userName -eq "") -and ($foundEntry.Connection.Credentials.Password -eq "")) {

                Write-Verbose "Generating empty credentials." -Verbose:$verboseEnabled

                return [PSCredential]::Empty

            }

            if (-not $password -or $password -eq "") {

                Write-Verbose "Generating credentials with empty password." -Verbose:$verboseEnabled

                $securePassword = (new-object System.Security.SecureString)

            }

            else {

                $securePassword = ConvertTo-SecureString -String $password -AsPlainText

            }

            if(-not $AsPlainText){

                return New-Object PSCredential -ArgumentList ([pscustomobject] @{ UserName = $username; Password = $securePassword[0] }) 

            }

            else {

                $test = ConvertFrom-SecureString -SecureString $password -AsPlainText

                return @{ UserName = $username; Password = $test }

            }

        }

    }

    catch {

        Write-Error $_.Exception.Message 

    }

    finally {

        Disconnect-DevolutionsServer($dsParameters);

    }

}