Public/Vault/Get-VaultSecret.ps1
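function Get-VaultSecret {
    <#
    .SYNOPSIS
        Reads a secret from Vault with the `vault` CLI and returns its `data` object.
    .DESCRIPTION
        Runs `vault read -format=json <SecretPath>` through Invoke-NativeCommand, deletes the
        local file that captured the command's stdout, and converts the JSON output into an
        object. The returned object carries the secret values in plain text, so callers
        should keep it out of logs, transcripts and verbose output.
    .PARAMETER SecretPath
        The path to the secret. Also accepted as -Path and from the pipeline by property name.
    .OUTPUTS
        The `data` property of the parsed Vault response.
    .NOTES
        Throws when the path starts with '-', when the vault call or the stdout-file cleanup
        fails, or when the command output is empty. A JSON conversion failure is reported
        with Write-Error instead, in which case nothing is returned.
    #>
    [CmdletBinding()]
    param (
        # The path to the secret
        [Parameter(
            Mandatory = $true,
            ValueFromPipelineByPropertyName = $true,
            Position = 0
        )]
        [Alias('Path')]
        [string]
        $SecretPath
    )

    # The path is handed to the vault CLI as a bare argument. A value that begins with '-'
    # would be parsed as a CLI option rather than as a secret path, so refuse it up front.
    if ($SecretPath.StartsWith('-')) {
        throw "Invalid vault secret path '$SecretPath': a path must not start with '-'."
    }

    try {
        Write-Verbose "Attempting to read $SecretPath from vault"
        $Secret = Invoke-NativeCommand `
            -FilePath 'vault' `
            -ArgumentList 'read', '-format=json', "$SecretPath" `
            -PassThru `
            -SuppressOutput

        # The captured stdout file holds the secret in plain text, so delete it before doing
        # anything else. -LiteralPath stops wildcard characters in the path (such as '[' or
        # ']') from being expanded, which could otherwise leave the file on disk.
        # NOTE(review): if Invoke-NativeCommand throws after writing the file, its path is
        # not available here - confirm the helper cleans up after itself on failure.
        Remove-Item -LiteralPath $Secret.StdOutFilePath -Force

        $SecretJSON = $Secret | Select-Object -ExpandProperty OutputContent
    }
    catch {
        throw "Failed to fetch vault secret $SecretPath.`n$($_.Exception.Message)"
    }

    if (!$SecretJSON) {
        throw "Vault returned an empty secret for $SecretPath"
    }

    try {
        # Only the `data` member of the response is handed back to the caller.
        $ConvertedSecret = $SecretJSON | ConvertFrom-Json | Select-Object -ExpandProperty data
        Return $ConvertedSecret
    }
    catch {
        # Reported with Write-Error rather than throw, unlike the failures above.
        Write-Error "Failed to convert secret $SecretPath from JSON.`n$($_.Exception.Message)"
    }
}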