[Feature]: Invoke-AzKeyVaultKeyOperation allow plain text input for the -value parameter

[risksoft-atacana]

Description of the new feature

Hello Team,

I hava a use case where I encrypt something using a key vault key using power automate and then run an azure automation runbook via webhook and send that encrypted data. Because the value Invoke-AzKeyVaultKeyOperation requires a secure.string i cannot decrypt the payload as converting that payload to secure.string will change the payload and the decryption operation in the runbook will fail.

Proposed implementation details (optional)

Allow [string] types to -value parameter

[risksoft-atacana]

/unresolve

[risksoft-atacana]

Hello Team,

I'm sorry if I shouldn't have reopened this but its the first time I'm using this feature request and I don't really understand how it works. You closed the request telling me that it has been address.

Does it mean that it will be implemented? If yes is there a timeline? Does it mean that the feature already exists? If yes is there a tutorial on how to use it?
Does it mean its not something up for consideration and it will not be implemented?

[BethanyZhou]

Hi @risksoft-atacana ,

we introduced a parameter called ByteArrayValue in Invoke-AzKeyVaultKeyOperation in Az.KeyVault >= 5.1.0, which supports operating byte array without conversion to secure string. If you have a plain text and won't/can't convert it to secure string, try following method:

# Encrypts plain text using an encryption key
$plainText = "test"
$byteArray = [system.Text.Encoding]::UTF8.GetBytes($plainText)
$encryptedData = Invoke-AzKeyVaultKeyOperation -Operation Encrypt -Algorithm RSA1_5 -VaultName test-kv -Name test-key -ByteArrayValue $byteArray
$encryptedData
# Decrypt encrypted data to plain text
$decryptedData = Invoke-AzKeyVaultKeyOperation -Operation Decrypt -Algorithm RSA1_5 -VaultName test-kv -Name test-key -ByteArrayValue $encryptedData.RawResult
$plainText = [system.Text.Encoding]::UTF8.GetString($decryptedData.RawResult)
$plainText

UTF8 may not be best way to encode plain text to bytes, you can try any way you want to use. Please let me know if you need further assistance.

[microsoft-github-policy-service]

Hi @risksoft-atacana. Thank you for opening this issue and giving us the opportunity to assist. We believe that this has been addressed. If you feel that further discussion is needed, please add a comment with the text “/unresolve” to remove the “issue-addressed” label and continue the conversation.

[microsoft-github-policy-service]

Hi @risksoft-atacana, since you haven't asked that we "/unresolve" the issue, we'll close this out. If you believe further discussion is needed, please add a comment "/unresolve" to reopen the issue.