SecretManagement.KeePass

0.9.2-beta0008

SecretManagement.KeePass.Extension/Public/Set-Secret.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
                                using namespace KeepassLib.Security

function Set-Secret {

    [CmdletBinding()]

    param (

        [string]$Name,

        [object]$Secret,

        [Alias('Vault')][string]$VaultName,

        [Alias('VaultParameters')][hashtable]$AdditionalParameters = (Get-SecretVault -Name $VaultName).VaultParameters

    )

    trap {

        VaultError $PSItem

        throw $PSItem

    }

    if ($AdditionalParameters.Verbose) {$VerbosePreference = 'continue'}

    if (-not $Name) {throw [NotSupportedException]'The -Name parameter is mandatory for the KeePass vault'}

    if (-not (Test-SecretVault -VaultName $vaultName)) {

        throw throw 'There appears to be an issue with the vault (Test-SecretVault returned false)'

    }

    $KeepassParams = GetKeepassParams $VaultName $AdditionalParameters

    if (Get-SecretInfo -Name $Name -Vault $VaultName) {

        Write-Warning "Vault ${VaultName}: A secret with the title $Name already exists. This vault currently does not support overwriting secrets. Please remove the secret with Remove-Secret first."

        return $false

    }

    #Set default group

    #TODO: Support Creating Secrets with paths

    $KeepassParams.KeePassGroup = (Get-Variable "VAULT_$VaultName").Value.RootGroup

    switch ($Secret.GetType()) {

        ([String]) {

            $KeepassParams.Username = $null

            $KeepassParams.KeepassPassword = [ProtectedString]::New($true, $Secret)

            break

        }

        ([SecureString]) {

            $KeepassParams.Username = $null

            $KeepassParams.KeepassPassword = [ProtectedString]::New($true, (Unlock-SecureString $Secret))

            break

        }

        ([PSCredential]) {

            $KeepassParams.Username = $Secret.Username

            $KeepassParams.KeepassPassword = [ProtectedString]::New($true, $Secret.GetNetworkCredential().Password)

            break

        }

        default {

            throw [NotImplementedException]'This vault provider only accepts string, securestring, and PSCredential secrets'

        }

    }

    $KPEntry = Add-KPEntry @KeepassParams -Title $Name -PassThru

    #Save the changes immediately

    #TODO: Consider making this optional as a vault parameter

    $KeepassParams.KeepassConnection.Save($null)

    return [Bool]($KPEntry)

}