SecretManagement.Keeper.Extension/SecretManagement.Keeper.Extension.psm1

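function Get-Config {
    <#
    .SYNOPSIS
    Loads the Keeper configuration stored as a secret in a local SecretManagement vault.

    .DESCRIPTION
    Finds the registered vault whose name equals $LocalVaultName, imports that
    vault's extension module, and reads the secret named 'KeeperVault.<VaultName>'
    from it by calling the module's own Get-Secret.

    .PARAMETER LocalVaultName
    Name of the registered vault that holds the Keeper configuration secret.

    .OUTPUTS
    The configuration object: the Hashtable itself, or the first element when the
    local vault hands back a collection. $null when the local vault is not
    registered or when it holds no configuration secret.

    .NOTES
    $VaultName is NOT a parameter of this function. It is resolved through
    PowerShell dynamic scoping from the calling function (Get-Secret,
    Get-SecretInfo, Set-Secret, Test-SecretVault all declare it). Calling
    Get-Config from a scope without $VaultName yields the name 'KeeperVault.'.

    The returned object is what callers hand to the Keeper client; it presumably
    carries the client credentials, so it should not be written to logs, the
    host, or the output stream.
    #>
    param (
        [string] $LocalVaultName
    )
    $vaults = Microsoft.Powershell.SecretManagement\Get-SecretVault
    $localVault = $vaults.Where( { $_.Name -eq $LocalVaultName } )
    if (!$localVault) {
        return $null
    }

    # NOTE(review): the module is imported by name, so which code gets loaded
    # depends on module resolution at call time - confirm this is acceptable
    # for a module that is about to be handed the configuration secret's name.
    $moduleInstance = Import-Module -Name $localVault.ModuleName -PassThru

    # $VaultName comes from the caller's scope (see .NOTES).
    $configSecretName = 'KeeperVault.' + $VaultName
    $config = & $moduleInstance Get-Secret -Name $configSecretName -VaultName $localVault.Name

    # A missing configuration secret must surface as $null so that callers can
    # report "Unable to find configuration"; without this guard the [0] below
    # raises "Cannot index into a null array" instead.
    if ($null -eq $config) {
        return $null
    }

    if ($config -isnot [Hashtable]) {
        $config = $config[0] # SecretStore returns a List
    }
    return $config
}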

function Get-Secret {
    <#
    .SYNOPSIS
    SecretManagement extension entry point: reads one secret from the Keeper vault.

    .PARAMETER Name
    Name of the secret, passed unchanged to the Keeper client.

    .PARAMETER VaultName
    Name of the registered Keeper vault. Also read by Get-Config through
    dynamic scoping to build the configuration secret's name.

    .PARAMETER AdditionalParameters
    Vault parameters; only the LocalVaultName key is read here.

    .OUTPUTS
    Whatever the Keeper client's GetSecret yields, or $null (after Write-Error)
    when the configuration cannot be loaded.
    #>
    [CmdletBinding()]
    param (
        [string] $Name,
        [string] $VaultName,
        [hashtable] $AdditionalParameters
    )
    $keeperConfig = Get-Config -LocalVaultName $AdditionalParameters.LocalVaultName
    if ($keeperConfig) {
        # The client call is asynchronous; block until it completes.
        $pending = [SecretManagement.Keeper.Client]::GetSecret($Name, $keeperConfig)
        return $pending.GetAwaiter().GetResult()
    }

    # The message names the vaults only; the configuration itself is never printed.
    Write-Error "Unable to find configuration Vault $($AdditionalParameters.LocalVaultName) for Keeper Vault $($VaultName)"
    return $null
}

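function Get-SecretInfo {
    <#
    .SYNOPSIS
    SecretManagement extension entry point: lists secrets in the Keeper vault.

    .PARAMETER Filter
    Filter expression, passed unchanged to the Keeper client.

    .PARAMETER VaultName
    Name of the registered Keeper vault; stamped on every returned entry. Also
    read by Get-Config through dynamic scoping.

    .PARAMETER AdditionalParameters
    Vault parameters; only the LocalVaultName key is read here.

    .OUTPUTS
    A list of SecretInformation objects, each typed as "Hashtable", or $null
    (after Write-Error) when the configuration cannot be loaded.
    #>
    [CmdletBinding()]
    param (
        [string] $Filter,
        [string] $VaultName,
        [hashtable] $AdditionalParameters
    )
    $config = Get-Config -LocalVaultName $AdditionalParameters.LocalVaultName
    if (!$config) {
        Write-Error "Unable to find configuration Vault $($AdditionalParameters.LocalVaultName) for Keeper Vault $($VaultName)"
        return $null
    }

    # The client call is asynchronous; block until it completes.
    $secrets = [SecretManagement.Keeper.Client]::GetSecretsInfo($Filter, $config).GetAwaiter().GetResult()

    $secretsInfo = New-Object System.Collections.Generic.List[System.Object]
    foreach ($secret in $secrets) {
        # The original passed an undefined $Metadata here. That evaluates to
        # $null only by accident: it fails under Set-StrictMode and would pick
        # up any $Metadata variable living in a caller's scope. Pass $null
        # explicitly so no metadata is attached, whatever the calling scope holds.
        $secretsInfo.Add([Microsoft.PowerShell.SecretManagement.SecretInformation]::new($secret, "Hashtable", $VaultName, $null))
    }
    return $secretsInfo
}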

function Set-Secret {
    <#
    .SYNOPSIS
    SecretManagement extension entry point: writes a secret value to the Keeper vault.

    .PARAMETER Name
    Name of the secret, passed unchanged to the Keeper client.

    .PARAMETER Secret
    Value to store, passed unchanged to the Keeper client.

    .PARAMETER VaultName
    Name of the registered Keeper vault. Also read by Get-Config through
    dynamic scoping.

    .PARAMETER AdditionalParameters
    Vault parameters; only the LocalVaultName key is read here.

    .OUTPUTS
    Nothing when the client call was made (a failure is reported through
    Write-Error). $null, after Write-Error, when the configuration cannot be loaded.
    #>
    [CmdletBinding()]
    param (
        [string] $Name,
        [object] $Secret,
        [string] $VaultName,
        [hashtable] $AdditionalParameters
    )

    $keeperConfig = Get-Config -LocalVaultName $AdditionalParameters.LocalVaultName
    if (-not $keeperConfig) {
        Write-Error "Unable to find configuration Vault $($AdditionalParameters.LocalVaultName) for Keeper Vault $($VaultName)"
        return $null
    }

    # The client call is asynchronous; block until it completes.
    $pending = [SecretManagement.Keeper.Client]::SetSecret($Name, $Secret, $keeperConfig)
    $outcome = $pending.GetAwaiter().GetResult()

    # Only the client's own error text is surfaced; $Secret is never echoed here.
    if ($outcome.IsFailure) {
        Write-Error $outcome.ErrorMessage
    }
}


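function Remove-Secret {
    <#
    .SYNOPSIS
    SecretManagement extension entry point: removing individual Keeper secrets is
    not supported; the reserved name "ALL" tears down the vault registration.

    .DESCRIPTION
    When $Name equals "ALL", the configuration secret 'KeeperVault.<VaultName>'
    is removed from the local vault (if that vault is registered) and the Keeper
    vault itself is unregistered. Any other name produces an error and changes
    nothing.

    .PARAMETER Name
    Secret name. Only "ALL" is acted upon. PowerShell's -eq on strings is
    case-insensitive, so "all" and "All" trigger the same teardown.

    .PARAMETER VaultName
    Name of the registered Keeper vault to unregister.

    .PARAMETER AdditionalParameters
    Vault parameters; only the LocalVaultName key is read here.

    .NOTES
    The "ALL" path is destructive and runs without confirmation: whoever can
    call Remove-Secret against this vault can remove its stored configuration
    and its registration.
    #>
    [CmdletBinding()]
    param (
        [string] $Name,
        [string] $VaultName,
        [hashtable] $AdditionalParameters
    )

    if ($Name -eq "ALL") {
        $vaults = Microsoft.Powershell.SecretManagement\Get-SecretVault
        $localVault = $vaults.Where( { $_.Name -eq $AdditionalParameters.LocalVaultName } )
        if ($localVault) {
            # Delete the stored Keeper configuration through the local vault's own module.
            $moduleInstance = Import-Module -Name $localVault.ModuleName -PassThru
            $configSecretName = 'KeeperVault.' + $VaultName
            & $moduleInstance Remove-Secret -Name $configSecretName -VaultName $localVault.Name
        }

        # Make sure SecretManagement is loaded before unregistering; the module
        # object the original captured here was never used.
        Import-Module -Name Microsoft.PowerShell.SecretManagement
        Microsoft.PowerShell.SecretManagement\Unregister-SecretVault -Name $VaultName

        # Report the vault that was removed. The original interpolated $Name,
        # which is always "ALL" on this path.
        Write-Host "Keeper Vault $($VaultName) has been removed"
        return
    }

    Write-Error "Remove-Secret is not supported for Keeper Vault"
}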

function Test-SecretVault {
    <#
    .SYNOPSIS
    SecretManagement extension entry point: checks the Keeper vault using its stored configuration.

    .PARAMETER VaultName
    Name of the registered Keeper vault. Also read by Get-Config through
    dynamic scoping.

    .PARAMETER AdditionalParameters
    Vault parameters; only the LocalVaultName key is read here.

    .OUTPUTS
    Whatever the Keeper client's TestVault yields, or $null (after Write-Error)
    when the configuration cannot be loaded.
    #>
    [CmdletBinding()]
    param (
        [string] $VaultName,
        [hashtable] $AdditionalParameters
    )

    $keeperConfig = Get-Config -LocalVaultName $AdditionalParameters.LocalVaultName
    if ($keeperConfig) {
        # The client call is asynchronous; block until it completes.
        $pending = [SecretManagement.Keeper.Client]::TestVault($keeperConfig)
        return $pending.GetAwaiter().GetResult()
    }

    Write-Error "Unable to find configuration Vault $($AdditionalParameters.LocalVaultName) for Keeper Vault $($VaultName)"
    return $null
}