Closed Agazoth closed 4 years ago
I can't really comment on this, since there is no information about how MyVault
extension is implemented. There seems to be a bug in the implementation.
The MyVault extension is implemented in the same way as your AKKeyVAultScript:
function Get-Secret
{
param (
[string] $Name,
[hashtable] $AdditionalParameters
)
Check-SubscriptionLogIn $AdditionalParameters.SubscriptionId $AdditionalParameters.AZKVaultName
Import-Module -Name Az.KeyVault
$secret = Az.KeyVault\Get-AzKeyVaultSecret -Name $Name -VaultName $AdditionalParameters.AZKVaultName
if ($secret -ne $null)
{
return $secret.SecretValue
}
}
But in stead of delivering a securestring, it delivers a PSCredential object:
return [pscredential]::new($Secret.Name,$Secret.SecretValue)
The PSCredential object is returned if the code is run directly in the PowerSehll console.
Sorry for the late reply. I tried to repro this but was unable to. I modified the AKVaultScript code to return a PSCredential type as you show above.
...
$secret = Az.KeyVault\Get-AzKeyVaultSecret -Name $Name -VaultName $AdditionalParameters.AZKVaultName
if ($secret -ne $null)
{
# return $secret.SecretValue
return [pscredential]::new($secret.Name, $secret.SecretValue)
}
But I get the expected behavior:
PS C:\> Get-Secret CredToken -Vault AzKeyVaultS
UserName Password
-------- --------
CredToken System.Security.SecureString
And Get-SecretInfo -Name MySecret -Vault MyVault does return the secret?
Yes, as shown above it returns the PSCredential object as expected.
When returning a PSCredential object to the Module I get Get-Secret: The secret was not found.
Steps to reproduce
Build an extension that returns a PSCredential object
Expected behavior
Actual behavior
Environment data
Module version: