PowerShell / SecretManagement

PowerShell module for consistent usage of secrets through different extension vaults
MIT License

Feature Request: -Metadata on Remove-Secret #124

Closed joshcorr closed 3 years ago

joshcorr commented 3 years ago

Currently -Metadata is only passed through Set-Secret, but it would be handy to have it available to the Remove-Secret functions for vaults that may have versioning.

Example:

Set-Secret -Name Test -Secret $something -Metadata @{version=1} -Vault MyVaultKV2
Set-Secret -Name Test -Secret $something2 -Metadata @{version=2} -Vault MyVaultKV2
Remove-Secret -Name Test -Metadata @{version=1} -Vault MyVaultKV2

It could still be left to the extension to implement this feature, to either remove the secret, or remove the metadata about the secret.

PaulHigin commented 3 years ago

There is also a new Set-SecretInfo command. You can use it to set metadata on existing secrets. If you want to remove metadata you just set it to an empty hashtable:

Set-SecretInfo -Name Test -Metadata @{} -Vault MyVaultKV2

SydneyhSmith commented 3 years ago

Closing this for now as there is a good workaround but will re-open if there is more discussion

joshcorr commented 3 years ago

Sorry I didn't respond sooner @SydneyhSmith. The solution works for clearing metadata, but I guess I was asking more for a filter on removal. I was thinking metadata would be a solution for me, but maybe a more formalized -Filter on this command would work.

My use case is for the Hashicorp Vault extension. Hashicorp provides the APIs to remove a specific version of a secret. The secret will always have the same name regardless of the version. The way Remove-Secret works currently there is no option for the user of SecretManagement to provide which version they may want to remove. For now I am removing all versions, but would like to allow users to select which version, and possibly how it is removed (soft delete, hard delete). I have considered possibly capturing this with additional parameters when the vault is registered, but having an option when the cmdlet is used would provide more flexibility.
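The approach floated in the last comment, passing version selection through the parameters given at vault registration, can be shown with a small extension-side Remove-Secret. This is an added example, not code from the issue or from the SecretManagement project. It assumes the extension contract that SecretManagement uses for vault modules (Remove-Secret receives $Name, $VaultName and $AdditionalParameters, the latter populated from Register-SecretVault -VaultParameters); the in-memory $script:Store is a constructed stand-in for a versioned backend such as a KV2 engine, and the Version and HardDelete keys are hypothetical names chosen for illustration.

```powershell
# Added example (not from the issue or the SecretManagement project).
# Assumes the SecretManagement extension contract: the vault module exports
# Remove-Secret with $Name, $VaultName and $AdditionalParameters, where
# $AdditionalParameters is the hashtable given to Register-SecretVault -VaultParameters.
# $script:Store is a constructed in-memory stand-in for a versioned backend.
$script:Store = @{
    Test = @{ 1 = 'first-value'; 2 = 'second-value' }   # constructed sample data
}

function Remove-Secret
{
    param (
        [string] $Name,
        [string] $VaultName,
        [hashtable] $AdditionalParameters
    )

    if (-not $script:Store.ContainsKey($Name)) {
        throw "Secret '$Name' not found in vault '$VaultName'."
    }

    $versions = $script:Store[$Name]

    # No Version key (hypothetical name): remove every version, which is the
    # behaviour the comment above describes as the current fallback.
    if (-not $AdditionalParameters -or -not $AdditionalParameters.ContainsKey('Version')) {
        $script:Store.Remove($Name)
        return
    }

    $version = [int] $AdditionalParameters['Version']
    if (-not $versions.ContainsKey($version)) {
        throw "Secret '$Name' has no version $version."
    }

    # HardDelete (hypothetical name) drops the version outright; otherwise the
    # version key is kept with a blank value so a backend could restore it (soft delete).
    if ($AdditionalParameters['HardDelete'] -eq $true) {
        $versions.Remove($version)
    }
    else {
        $versions[$version] = $null
    }

    # Drop the name once no versions remain at all.
    if ($versions.Count -eq 0) {
        $script:Store.Remove($Name)
    }
}

# Direct calls for illustration (inside a registered vault, SecretManagement
# supplies these arguments itself).
Remove-Secret -Name Test -VaultName MyVaultKV2 -AdditionalParameters @{ Version = 1 }
Remove-Secret -Name Test -VaultName MyVaultKV2 -AdditionalParameters @{ Version = 2; HardDelete = $true }
$script:Store['Test']
```

After the first call version 1 is soft-deleted and version 2 is untouched; after the second only the blanked version 1 entry remains. The values reach the function via `Register-SecretVault -ModuleName MyVaultKV2 -VaultParameters @{ Version = 1 }`, which is exactly the limitation the comment raises: the selection is fixed when the vault is registered, not chosen per Remove-Secret call.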