Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Az.Keyvaut - SecretManagement - Modification to Secret parameter and support for SecureStringSecret #12190

Closed
itfranck opened this issue Jun 17, 2020 · 1 comment · Fixed by #13506
Closed

Az.Keyvaut - SecretManagement - Modification to Secret parameter and support for SecureStringSecret #12190

itfranck opened this issue Jun 17, 2020 · 1 comment · Fixed by #13506
Assignees
@BethanyZhou
Labels
Azure PS Team customer-reported feature-request This issue requires a new behavior in the product in order be resolved. KeyVault
Milestone
S179 (2020-12-08)

Comments

@itfranck
Copy link

itfranck commented Jun 17, 2020
edited
Loading

The implementation of the Microsoft.Powershell.SecretManagement module helper have a SecretValue parameter that accept a secure string.

It would be nice for the implementation to match the SecretManagementModule.

Powershell implementation of the module have 2 parameters

-SecretValue accept object (supported are)
ByteArray
String
PSCredential
Hashtable

-SecureStringSecret accept a secure string.

$Vault = @{'Vault' = 'CICD-Azkeyvault' }
$credential = [System.Management.Automation.PSCredential]::new('Hello', ('World' | ConvertTo-SecureString -AsPlainText -Force)) 
[byte[]]$Arr = 1, 2, 3


# Az.KeyVault supported
Set-Secret @vault -Name 'MySuperSecret-shhh'  -Secret  ('shhhh' | ConvertTo-SecureString -AsPlainText -Force)

# Unsupported
Set-Secret @vault -Name 'MySuperSecret-shhh'  -Secret  'shhhh' # String value
Set-Secret @vault -Name 'MySuperSecret-shhh'  -Secret  @{'Hello'='World';'Foo'='Bar'} #Hashtable
Set-Secret @vault -Name 'MySuperSecret-shhh'  -Secret  $credential #  PSCredential
Set-Secret @vault -Name 'MySuperSecret-shhh'  -Secret  $Arr  #ByteArray

# Also unsupported, the -SecureStringSecret parameter, which is there if you want to ensure that only a secure string can be passed down
Set-Secret @vault -Name 'MySuperSecret-shhh'  -SecureStringSecret   ('shhhh' | ConvertTo-SecureString -AsPlainText -Force)


# List was obtained from SecretManagement Enum
[Enum]::GetNames([Microsoft.PowerShell.SecretManagement.SecretType])

Relevant
Set-Secret helper support -SecretValue as object (but not -SecureStringSecret) here
SetSecret Keyvault implementation -SecretValue is a SecureString here
@ghost ghost added the question The issue doesn't require a change to the product in order to be resolved. Most issues start as that label Jun 17, 2020
This was referenced Jun 17, 2020
Closed
Open
@dingmeng-xue dingmeng-xue added customer-reported feature-request This issue requires a new behavior in the product in order be resolved. KeyVault and removed question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Jun 18, 2020
@dingmeng-xue
Copy link
Member

@itfranck , thanks for suggestions. We will evaluate it.

@dingmeng-xue dingmeng-xue added this to the Backlog milestone Jul 9, 2020
@dingmeng-xue dingmeng-xue assigned BethanyZhou and unassigned dcaro Nov 2, 2020
@BethanyZhou BethanyZhou linked a pull request Nov 20, 2020 that will close this issue
Secret Management Extension for AKV #13506
Merged
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@BethanyZhou BethanyZhou

Labels
Azure PS Team customer-reported feature-request This issue requires a new behavior in the product in order be resolved. KeyVault
Projects
None yet
Milestone
S179 (2020-12-08)
Development

Successfully merging a pull request may close this issue.

Secret Management Extension for AKV BethanyZhou/azure-powershell
4 participants
@itfranck @dcaro @BethanyZhou @dingmeng-xue