SecretManagement.Keeper.psm1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
function Register-KeeperVault {
  [CmdletBinding(DefaultParameterSetName = 'Token')]
  param (
    [Parameter(Mandatory = $true)]
    [string] $Name,
    [Parameter(Mandatory = $true, ParameterSetName = 'Token')]
    [string] $OneTimeToken,
    [Parameter(Mandatory = $true, ParameterSetName = 'Config')]
    [string] $Config,
    [string] $LocalVaultName
  )
  if (($PSVersionTable.PSVersion.Major -lt 5) -or (($PSVersionTable.PSVersion.Major -eq 5) -and ($PSVersionTable.PSVersion.Minor -eq 0))) {
    Write-Error "Keeper Secrets Manager: this version of Powershell ($($PSVersionTable.PSVersion.ToString())) is not supported"
    return
  }
  $vaults = Microsoft.Powershell.SecretManagement\Get-SecretVault
  if ($LocalVaultName) {
    $localVaultModuleName = $vaults.Where( { $_.Name -eq $LocalVaultName } ) | Select-Object -ExpandProperty ModuleName
    if (!$localVaultModuleName) {
      Write-Error "Vault $($LocalVaultName) was not found"
      return
    }
  }
  else {
    $localVaultModuleName = 'Microsoft.PowerShell.SecretStore'
    $LocalVaultName = $vaults.Where( { $_.ModuleName -eq $localVaultModuleName } )[0] | Select-Object -ExpandProperty Name
    if (!$LocalVaultName) {
      Write-Error 'Microsoft.PowerShell.SecretStore vault was not found'
      return
    }
  }
  $configSecretName = 'KeeperVault.' + $Name
  Write-Host "Storing Keeper Vault config $($configSecretName) in $($localVaultModuleName) Vault named $($LocalVaultName)"
  $moduleInstance = Import-Module -Name $localVaultModuleName -PassThru -ErrorAction Stop
  switch ($PSCmdlet.ParameterSetName) {
    'Token' {
      $result = [SecretManagement.Keeper.Client]::GetVaultConfigFromToken($OneTimeToken).GetAwaiter().GetResult()
    }
    'Config' {
      $result = [SecretManagement.Keeper.Client]::GetVaultConfigFromConfigString($Config).GetAwaiter().GetResult()
    }
  }
  if ($result.IsFailure) {
    Write-Error $result.ErrorMessage 
    return
  }
  & $moduleInstance Set-Secret -Name $configSecretName -Secret $result.Data -VaultName $LocalVaultName  
  $vaultParameters = @{
    LocalVaultName = $LocalVaultName
  }
  Microsoft.Powershell.SecretManagement\Register-SecretVault -Name $Name -ModuleName SecretManagement.Keeper -VaultParameters $vaultParameters
  # for local testing
  # Microsoft.Powershell.SecretManagement\Register-SecretVault -Name $Name -ModuleName ./SecretManagement.Keeper.psd1 -VaultParameters $vaultParameters
}