As a user of SecretsManagement
In order to reliably reason about and code against the output of Get-SecretInfo
It must contain the secret name in a consistent place
It must contain the secret type in a consistent place
It must contain the registered vault name
It should contain the vault module name
In other words, the object returned from Get-SecretInfo needs more structure. At the very least, it's critical that they all have a "Name" which can be passed to Get-Secret, but in order to guarantee looking up the correct secret, they should also have the registered vaultName on them (and Get-Secret needs to support those parameters as ValueFromPipelineByPropertyName). Additionally, the type of secret they are is important, so that users can programmatically search for specific types of secrets.
Proposed technical implementation details
Get-SecretInfo and GetSecretInfo should have a return type based on a new class or interface. That is, the SecretsManagement module should define SecretInformation and require that returned objects be based on that type. For example:
namespace Microsoft.PowerShell.SecretsManagement
{
public class SecretInformation
{
public string ModuleName { get; }
public string VaultName { get; }
public string Name { get; }
public SupportedTypes Type { get; }
public SecretInformation(string moduleName, string vaultName, string name, SupportedTypes type)
{
if (string.IsNullOrEmpty(moduleName))
{
throw new ArgumentNullException("moduleName");
}
if (string.IsNullOrEmpty(vaultName))
{
throw new ArgumentNullException("vaultName");
}
if (string.IsNullOrEmpty(name))
{
throw new ArgumentNullException("name");
}
ModuleName = moduleName;
VaultName = vaultName;
Name = name;
Type = type;
}
}
}
Of course, if implementers write their own classes derived from this, they should include format files for them.
NOTE: the "VaultName" and "ModuleName" could be added as a NoteProperty by the SecretsManagement module, but I'm not sure it's worth implementing that way.
Summary of the new feature/enhancement
As a user of SecretsManagement In order to reliably reason about and code against the output of Get-SecretInfo It must contain the secret name in a consistent place It must contain the secret type in a consistent place It must contain the registered vault name It should contain the vault module name
In other words, the object returned from
Get-SecretInfo
needs more structure. At the very least, it's critical that they all have a "Name" which can be passed toGet-Secret
, but in order to guarantee looking up the correct secret, they should also have the registered vaultName on them (and Get-Secret needs to support those parameters asValueFromPipelineByPropertyName
). Additionally, thetype
of secret they are is important, so that users can programmatically search for specific types of secrets.Proposed technical implementation details
Get-SecretInfo and GetSecretInfo should have a return type based on a new class or interface. That is, the SecretsManagement module should define
SecretInformation
and require that returned objects be based on that type. For example:Of course, if implementers write their own classes derived from this, they should include format files for them.
NOTE: the "VaultName" and "ModuleName" could be added as a NoteProperty by the SecretsManagement module, but I'm not sure it's worth implementing that way.