SecretInformation objects should be pipeable to Get-Secret to retrieve specific secret

PowerShell / SecretManagement

PowerShell module to consistent usage of secrets through different extension vaults

MIT License

335 stars 47 forks source link

SecretInformation objects should be pipeable to Get-Secret to retrieve specific secret #97

Closed JustinGrote closed 3 years ago

JustinGrote commented 3 years ago

If I do a get-secretInfo -filter 'selectASingleSecret' | get-secret, it still searches all vaults, not fetching my specific secret from my specific vault

https://github.com/PowerShell/SecretManagement/blob/30991fd56ef43074c3ff76f303fbf35c9e46be7d/src/code/SecretManagement.cs#L1034-L1039

This should have an Alias of VaultName and also be ValueFromPipeline = $true in order to enable this functionality as [SecretInformation] has VaultName as a property.

There's lots of these inconsistencies that should be cleaned up with aliases I think to better support piping.

Filter vs. Name, Vault vs VaultName, AdditionalParameters vs VaultParameters, etc.

SydneyhSmith commented 3 years ago

Thanks @JustinGrote we are having some trouble reproducing this, Get-SecretInfo -Name foo | Get-Secret does return the specified secret? Let us know if you have expected/actual result repro steps..thanks!

JustinGrote commented 3 years ago

@SydneyhSmith the point is that it doesn't just search the vault that secretinfo returned, it searches all vaults, so if there's another secret with the same name, it will return that too.

Reproduce:

Create two vaults with different names
Create the same-named secret in both e.g. 'foo'
THen try Get-SecretInfo -Name foo -VaultName vault1 | get-secret
It should return two secrets instead of the expected one

This seems to happen because Get-Secret then iterates through all vaults for name foo instead of just getting the foo in the vault context that exists in the vaultname parameter of get-secretinfo, because it was only provided the name of the secret via the pipeline and not the vaultname context. This happens "above" the vault extension layer, I have no control over it.

PaulHigin commented 3 years ago

I am seeing an issue but not as describe here. Please always use the standard form for reporting bugs and including repro steps.

Get-Secret does not honor VaultName property when processing SecretInformation object input.

PS > Set-Secret Secret1 "MySecretV1" -Vault Vault1
PS > Set-Secret Secret1 "MySecretV2" -Vault Vault2
PS > Get-SecretInfo Secret1 -Vault Vault2 | Get-Secret -AsPlainText

Expected:
"MySecret2"

Actual:
"MySecret1"

PaulHigin commented 3 years ago

Fixed in RC2.

JustinGrote commented 3 years ago

@PaulHigin thank you!