search

Azure / azure-powershell

Microsoft Azure PowerShell
Other
4.27k stars 3.87k forks source link

Secret unexpectedly deleted from keyvault #25975

Open danikuci1 opened 2 months ago

danikuci1 commented 2 months ago

Description

cross-reference of https://github.com/PowerShell/SecretManagement/issues/227

Issue script & Debug output

PS> Set-Secret -Name "SomeSecret" -SecureStringSecret $NewPasswordSecureString -Vault MyVault -Metadata @{Expiration = (Get-Date).AddMonth(1)}

 ^^ this doesnt set metadata but deletes the secret

Exception             :
    Type        : System.Management.Automation.PSNotSupportedException
    ErrorRecord :
        Exception             :
            Type    : System.Management.Automation.ParentContainsErrorRecordException
            Message : Cannot add secret metadata '...' to vault '...: The vault does not support the
Set-SecretInfo function.
            HResult : -2146233087
        CategoryInfo          : NotImplemented: (:) [], ParentContainsErrorRecordException
        FullyQualifiedErrorId : NotSupported
    Message     : Cannot add secret metadata '...' to vault '...: The vault does not support the
Set-SecretInfo function.
    HResult     : -2146233067
TargetObject          : Microsoft.PowerShell.SecretManagement.ExtensionVaultModule
CategoryInfo          : NotImplemented: (Microsoft.PowerShel…xtensionVaultModule:ExtensionVaultModule) [Set-Secret],
PSNotSupportedException
FullyQualifiedErrorId : SetSecretMetadataCommandNotSupported,Microsoft.PowerShell.SecretManagement.SetSecretCommand
InvocationInfo        :
    MyCommand        : Set-Secret
    ScriptLineNumber : 1
    OffsetInLine     : 1
    HistoryId        : 48
    Line             : Set-Secret -Name "..." -SecureStringSecret $(New-Password -SecureString) -Vault
...-Metadata @{Expiration = (Get-Date).AddDays(100)} -Debug
    PositionMessage  : At line:1 char:1
                       + Set-Secret -Name "..." -SecureStringSecret $(New-Password -Sec …
                       + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    InvocationName   : Set-Secret
    CommandOrigin    : Internal
ScriptStackTrace      : at <ScriptBlock>, <No file>: line 1
PipelineIterationInfo :

Environment data

$PSVersionTable

Name                           Value
----                           -----
PSVersion                      7.4.4
PSEdition                      Core
GitCommitId                    7.4.4
OS                             Microsoft Windows 10.0.20348
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Module versions

ModuleType Version    PreRelease Name                              
---------- -------    ---------- ----                             
Script     3.0.3                 Az.Accounts                      
Script     6.0.1                 az.keyvault

Error output

Message        : Cannot add secret metadata 'asdf' to vault 'asdf: The vault does not support the
                 Set-SecretInfo function.
StackTrace     :
Exception      : System.Management.Automation.PSNotSupportedException
InvocationInfo : {Set-Secret}
Line           : Set-Secret -Name 'asdf' -Vault asdf-Secret (New-Password -SecureString) -Metadata
                 @{Expiration = (Get-Date).AddMonths(1)}
Position       : At line:1 char:1
                 + Set-Secret -Name 'asdf' -Vault asdf -Secret (New-Password -S …
                 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
danikuci1 commented 2 months ago

opened this issue as requested to cross-reference https://github.com/PowerShell/SecretManagement/issues/227