joshcorr / SecretManagement.Hashicorp.Vault.KV

A PowerShell SecretManagement extension for Hashicorp Vault Key Value Engine
MIT License

better documentation needed #37

Closed: ewhitesides closed 2 years ago

ewhitesides commented 2 years ago

Can you provide more examples on general usage? I'm having trouble figuring out exactly how to access secrets.

joshcorr commented 2 years ago

Sure, I was planning on adding some more information based on #36

ewhitesides commented 2 years ago

Thanks... I read through the code and tried this:

Install-Module Microsoft.PowerShell.SecretManagement -Scope 'AllUsers' -Force
Install-Module -Name SecretManagement.Hashicorp.Vault.KV -Scope 'AllUsers' -Force

$KVParams = @{
    VaultServer = "https://myserver.com" #runs from 443
    VaultAuthType = "Token"
}
Register-SecretVault -Module 'SecretManagement.Hashicorp.Vault.KV' -Name 'secret' -VaultParameters $KVParams -DefaultVault -AllowClobber

Get-Secret -Name 'mypath/ismanylevelsdeep/keyhere'

I think it might be that the code is expecting only 1 path deep, but our org uses several paths deep.

The other issue I saw in the code is that the Test-SecretVault is looking at auth/token/lookup, but the token used may not necessarily have rights to read that path.
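Added example, not part of the thread and not the extension's code: a token check and a nested-path KV read made directly against Vault's HTTP API, which helps separate a token-permission problem from a path problem. The function names, the mount name `secret` and the KV version 2 default are assumptions; the server URL and secret path are the placeholders from the comment above.

```powershell
# Added example: calls Vault's HTTP API directly, independent of the extension.
# Assumptions: KV mount named 'secret'; KV version 2 unless -KvV1 is given.

function Test-VaultToken {
    param(
        [Parameter(Mandatory)][string]$VaultServer,
        [Parameter(Mandatory)][securestring]$Token
    )
    $plain = [System.Net.NetworkCredential]::new('', $Token).Password
    try {
        # lookup-self describes only the calling token.
        $uri = "$VaultServer/v1/auth/token/lookup-self"
        $r = Invoke-RestMethod -Method Get -Uri $uri -Headers @{ 'X-Vault-Token' = $plain }
        [pscustomobject]@{ Status = 'Valid'; Policies = $r.data.policies; Ttl = $r.data.ttl }
    }
    catch {
        # No HTTP response at all (DNS, TLS, connection refused) yields 0 here.
        $code = [int]$_.Exception.Response.StatusCode
        # Vault returns 403 for a bad token and for a policy that denies the
        # path, so 403 alone does not say which of the two happened.
        $status = if ($code -eq 403) { 'Denied' }
                  elseif ($code -eq 0) { 'Unreachable' }
                  else { "HTTP $code" }
        [pscustomobject]@{ Status = $status; Policies = $null; Ttl = $null }
    }
}

function Get-VaultKvSecret {
    param(
        [Parameter(Mandatory)][string]$VaultServer,
        [Parameter(Mandatory)][securestring]$Token,
        [Parameter(Mandatory)][string]$Path,
        [string]$Mount = 'secret',
        [switch]$KvV1
    )
    $plain = [System.Net.NetworkCredential]::new('', $Token).Password
    # Escape each segment on its own so the '/' separators (the nesting) survive.
    $segments = ($Path.Trim('/') -split '/' |
        ForEach-Object { [uri]::EscapeDataString($_) }) -join '/'
    # KV v2 inserts 'data/' between the mount and the secret path; v1 does not.
    $prefix = if ($KvV1) { $Mount } else { "$Mount/data" }
    $uri = "$VaultServer/v1/$prefix/$segments"
    $r = Invoke-RestMethod -Method Get -Uri $uri -Headers @{ 'X-Vault-Token' = $plain }
    # KV v2 wraps the key/value pairs one level deeper than v1.
    if ($KvV1) { $r.data } else { $r.data.data }
}

# $token = Read-Host -AsSecureString 'Vault token'
# Test-VaultToken   -VaultServer 'https://myserver.com' -Token $token
# Get-VaultKvSecret -VaultServer 'https://myserver.com' -Token $token -Path 'mypath/ismanylevelsdeep/keyhere'
```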

ewhitesides commented 2 years ago

I'm just going to write my own extension that works with my environment.

joshcorr commented 2 years ago

The extension should support multiple depth paths. The trick with these extensions is that they only support specific input/output for secret management, so it conforms to their model of secret management (i.e. the test function is required and I needed to test a token/vault is present). There are some good standalone Vault PowerShell Modules in the PowerShell gallery. Alternatively, the Vault Agent also works the best and is maintained by Hashicorp. 😀

MB34 commented 1 year ago

So, where is the "better documentation"? You don't give enough examples to figure out how to use your module.