Closed joshcorr closed 3 years ago
There is also a new Set-SecretInfo
command. You can use it to set metadata on existing secrets. If you want to remove metadata you just set it to an empty hashtable:
Set-SecretInfo -Name Test -Metadata @{} -Vault MyVaultKV2
Closing this for now as there is a good workaround but will re-open if there is more discussion
Sorry I didn't respond sooner @SydneyhSmith. The solution works for clearing metadata, but I guess I was asking more for a filter on removal. I was thinking metadata would be a solution for me, but maybe a more formalized -Filter
on this command would work.
My use case is for the Hashicorp Vault extension. Hashicorp provides the APIs to remove a specific version of a secret. The secret will always have the same name regardless of the version. The way Remove-Secret
works currently there is no option for the user of SecretManagement to provide which version they may want to remove. For now I am removing all versions, but would like to allow users to select which version, and possibly how it is removed (soft delete, hard delete). I have considered possibly capturing this with additional parameters when the vault is registered, but having an option when the cmdlet is used would provide more flexibility.
Currently -Metadata is only passed through
Set-Secret
, but it would be handy to have it available to theRemove-Secret
functions for vaults that may have versioning.Example:
It could still be left to the extension to implement this feature, to either remove the secret, or remove the metadata about the secret.