Import-SecretVault.ps1
<#
.SYNOPSIS
Imports secrets into secret vaults.
.NOTES
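This is likely the configuration you'll need to run this:
Set-SecretStoreConfiguration -Scope CurrentUser -Authentication None -Interaction None
With -Authentication None the SecretStore vault has no password of its own, so the stored
secrets are only as well protected as the current user's account and profile files.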
.INPUTS
System.Management.Automation.PSObject with these fields:
* Name: The secret name, used to identify the secret.
* Type: The data type of the secret.
* VaultName: Which vault the secret is stored in.
* Metadata: A simple hash (string to string/int/datetime) of extra secret context details.
.FUNCTIONALITY
Credential
.LINK
https://devblogs.microsoft.com/powershell/secretmanagement-and-secretstore-are-generally-available/
.EXAMPLE
Get-Content ~/secrets.json |ConvertFrom-Json |Import-SecretVault.ps1
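Restores secrets to vaults. The JSON file carries the secret values in plain text, so keep
it readable only by its owner and remove it once the import has been verified.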
#>
#Requires -Version 7
#Requires -Modules Microsoft.PowerShell.SecretStore,Microsoft.PowerShell.SecretManagement
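# The PSScriptAnalyzer suppressions are deliberate: this script receives secret values as
# plain text (e.g. deserialized JSON) and has to turn them back into SecureString/PSCredential.
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingConvertToSecureStringWithPlainText','',
Justification='This script imports secrets from plain-text input.')]
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingPlainTextForPassword','',
Justification='This script imports secrets from plain-text input.')]
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingUsernameAndPasswordParams','',
Justification='This script imports secrets from plain-text input.')]
# NOTE(review): SupportsShouldProcess is declared, but no $PSCmdlet.ShouldProcess() call is
# visible in this script; -WhatIf/-Confirm presumably take effect only through the
# cmdlets it calls - confirm that is the intended level of protection.
[CmdletBinding(ConfirmImpact='High',SupportsShouldProcess=$true)] Param(
    # The secret name, used to identify the secret.
    [Parameter(ValueFromPipelineByPropertyName=$true)][string] $Name,
    # Selects how Value is converted before it is stored: ByteArray, String, SecureString,
    # PSCredential or Hashtable; any other value stores Value unchanged.
    [Parameter(ValueFromPipelineByPropertyName=$true)][string] $Type,
    # The serialized secret: a hex string for ByteArray, an object with UserName and
    # Password for PSCredential, plain text for String and SecureString.
    [Parameter(ValueFromPipelineByPropertyName=$true)][psobject] $Value,
    # The vault to store the secret in. The VaultName alias lets pipeline objects shaped as
    # the .INPUTS help describes (a VaultName field) bind to this parameter as well.
    [Parameter(ValueFromPipelineByPropertyName=$true)][Alias('VaultName')][string] $Vault,
    # Extra secret context details (string to string/int/datetime).
    [Parameter(ValueFromPipelineByPropertyName=$true)][psobject] $Metadata
)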
Begin
{
filter ConvertTo-Credential
{
    <#
    .SYNOPSIS
    Builds a PSCredential from an object exposing UserName and Password properties.
    .NOTES
    The password arrives as plain text and is wrapped in a SecureString only here, so the
    caller's input object still holds the clear-text value.
    #>
    [CmdletBinding()] Param(
        [Parameter(ValueFromPipelineByPropertyName=$true)][string] $UserName,
        [Parameter(ValueFromPipelineByPropertyName=$true)][string] $Password
    )
    # -Force is required by ConvertTo-SecureString whenever -AsPlainText is used.
    $securePassword = ConvertTo-SecureString -String $Password -AsPlainText -Force
    New-Object -TypeName PSCredential -ArgumentList $UserName,$securePassword
}
}
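Process
{
    # Register the target vault on first use, backed by the SecretStore module.
    if(!(Get-SecretVault $Vault -ErrorAction Ignore))
    {
        Register-SecretVault -Name $Vault -ModuleName Microsoft.PowerShell.SecretStore
    }

    # Build a splat that adds -Metadata only when the input actually carried metadata.
    # The explicit $null test is needed because @($null.PSObject.Properties).Count is 1,
    # which would otherwise send a missing Metadata value to the converter.
    $meta = @{}
    if($null -ne $Metadata -and @($Metadata.PSObject.Properties).Count)
    {
        $details = ConvertTo-OrderedDictionary.ps1 $Metadata
        # NOTE(review): assumes ConvertTo-OrderedDictionary.ps1 returns a dictionary; the
        # narrowing below is skipped if it returns anything else.
        if($details -is [Collections.IDictionary])
        {
            # Integers parsed from JSON arrive as [long]; narrow them to [int], the integer
            # type named in the .INPUTS help. This has to walk the metadata entries
            # themselves: the splat table only ever holds the single 'Metadata' key.
            # Keys are snapshotted so values can be reassigned while looping.
            foreach($k in @($details.Keys))
            {
                if($details[$k] -is [long]) {$details[$k] = [int]$details[$k]}
            }
        }
        $meta = @{Metadata=$details}
    }

    # Rebuild the typed secret from its serialized form and store it.
    # Set-Secret is called without -NoClobber, so a secret that already exists under the
    # same name in the vault is replaced.
    switch($Type)
    {
        # Byte arrays are serialized as hex strings.
        ByteArray {Set-Secret $Name ([Convert]::FromHexString($Value)) -Vault $Vault @meta}
        String {Set-Secret $Name $Value -Vault $Vault @meta}
        # The value is plain text in the input; it becomes a SecureString only at this point.
        SecureString {Set-Secret $Name (ConvertTo-SecureString $Value -AsPlainText -Force) -Vault $Vault @meta}
        # Expects an object with UserName and Password properties.
        PSCredential {Set-Secret $Name ($Value |ConvertTo-Credential) -Vault $Vault @meta}
        Hashtable {Set-Secret $Name (ConvertTo-OrderedDictionary.ps1 $Value) -Vault $Vault @meta} # not yet supported
        # Unknown or empty types are passed through unchanged.
        default {Set-Secret $Name $Value -Vault $Vault @meta}
    }
}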