PowerShell / SecretManagement

PowerShell module for consistent usage of secrets through different extension vaults
MIT License

Extensions should be able to hook into `Register-SecretVault` #77

Open itfranck opened 4 years ago

itfranck commented 4 years ago

Feature request. We have a hook into Unregister thanks to this request.

I would like a way to have my extension perform some validation or other actions before registering the vault.

Use cases relevant to me:

Az.keyvault is a good example of this. It requires SubscriptionId and VaultName to identify which Azure keyvault is targeted by the registration.

--

I had such a use case while looking at using SecretManagement for a CMS implementation that requires:

A Register-SecretVault hook (before registration) would be complementary to the recently added Unregister-SecretVault hook and also definitely have valid use cases (validation and performing any relevant actions).

Thank you for considering this.

SydneyhSmith commented 3 years ago

Thanks @itfranck we have tried to separate the registration of the vault from the loading of it for the best user experience...we believe Test-SecretVault helps to resolve this issue... we do not plan to implement this for the GA of the module but will also leave this open

itfranck commented 3 years ago

Usually I won't really use Test-SecretVault unless I am writing a script and / or encounter an issue. I was thinking more in the lines of having the error (eg: missing parameter) disclosed at registration time (through my hook up) rather than waiting upon the next operation in line (eg: Get / Set secret) to throw the error at the user.

It is kind of the same (but opposite) as the Unregister-secret where you now can (through hookup) have the unloading associated with the unregister operation.

But I am all good with the rendered verdict. Regards

JustinGrote commented 3 years ago

@SydneyhSmith after several vault implementations, I'm basically just calling Test-SecretVault as the first line of every single command. It would be nice to be a little less ham-fisted with it.

Vault implementers can implement offline support, either by simply not implementing Register-SecretVault, or supporting offline creation via a vaultparameter, e.g. `Register-SecretVault -Name myvault -Module myonlinemodule -VaultParameter @{DontValidate=$true}`
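As an added illustration of the pattern described in this thread (not code from SecretManagement or from any extension mentioned here): an extension vault's `Test-SecretVault` that checks locally for the vault parameters the Az.KeyVault example needs, skips the online check when a `DontValidate` vault parameter is set, and a `Get-Secret` that calls it first so a bad registration fails clearly on first use. `Connect-HypotheticalBackend` and `Get-HypotheticalBackendSecret` are placeholders for the extension's own backend calls.

```powershell
# Extension-side Test-SecretVault (SecretManagement passes -VaultName and the
# registration's -VaultParameters as -AdditionalParameters).
function Test-SecretVault {
    [CmdletBinding()]
    param (
        [string] $VaultName,
        [hashtable] $AdditionalParameters
    )
    # Local validation: required keys, as SubscriptionId/VaultName for Az.KeyVault.
    $required = 'SubscriptionId', 'VaultName'
    $missing = $required | Where-Object { -not $AdditionalParameters.ContainsKey($_) }
    if ($missing) {
        Write-Error "Vault '$VaultName' is missing vault parameter(s): $($missing -join ', ')"
        return $false
    }
    # Offline registration: honour DontValidate=$true and skip the connectivity probe.
    if ($AdditionalParameters['DontValidate'] -eq $true) {
        Write-Verbose "DontValidate set; skipping online check for vault '$VaultName'"
        return $true
    }
    # Online validation; Connect-HypotheticalBackend stands in for the real backend call.
    try {
        Connect-HypotheticalBackend -Subscription $AdditionalParameters.SubscriptionId `
            -Vault $AdditionalParameters.VaultName -ErrorAction Stop
        return $true
    }
    catch {
        Write-Error "Vault '$VaultName' is registered but unreachable: $_"
        return $false
    }
}

# Extension-side Get-Secret: validate first so a mis-registered vault surfaces a
# clear error instead of an obscure one from the backend on the first operation.
function Get-Secret {
    [CmdletBinding()]
    param (
        [string] $Name,
        [string] $VaultName,
        [hashtable] $AdditionalParameters
    )
    if (-not (Test-SecretVault -VaultName $VaultName -AdditionalParameters $AdditionalParameters)) {
        throw "Vault '$VaultName' failed validation; run Test-SecretVault -Name $VaultName for details"
    }
    # Get-HypotheticalBackendSecret is a placeholder for the extension's retrieval call.
    return Get-HypotheticalBackendSecret -Name $Name -Vault $AdditionalParameters.VaultName
}

# Caller side, registering offline (placeholder values):
# Register-SecretVault -Name myvault -ModuleName MyExtension -VaultParameters @{
#     SubscriptionId = '<subscription id>'; VaultName = 'myvault'; DontValidate = $true }
```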

JustinGrote commented 3 years ago

@SydneyhSmith @PaulHigin FYI, as a follow-up on this issue, here is another piece of evidence where the current behavior was confusing to a user because it didn't show any errors until they did something, so they assumed it worked. https://github.com/JustinGrote/SecretManagement.KeePass/issues/32#issuecomment-785259286

I still maintain that offline support should be done via vaultparameter rather than a mandated default.