Closed ewhitesides closed 2 years ago
Sure, I was planning on adding some more information based on #36
Thanks.... I read through the code and tried this:
```powershell
Install-Module Microsoft.PowerShell.SecretManagement -Scope 'AllUsers' -Force
Install-Module -Name SecretManagement.Hashicorp.Vault.KV -Scope 'AllUsers' -Force

$KVParams = @{
    VaultServer   = "https://myserver.com" #runs from 443
    VaultAuthType = "Token"
}

Register-SecretVault -Module 'SecretManagement.Hashicorp.Vault.KV' -Name 'secret' -VaultParameters $KVParams -DefaultVault -AllowClobber

Get-Secret -Name 'mypath/ismanylevelsdeep/keyhere'
```
I think it might be that the code is expecting only 1 path deep, but our org uses several paths deep.
The other issue I saw in the code is that Test-SecretVault is looking at auth/token/lookup, but the token used may not necessarily have rights to read that path.
I'm just going to write my own extension that works with my environment.
The extension should support multiple depth paths. The trick with these extensions is that they only support specific input/output for secret management, so it conforms to their model of secret management (i.e., the test function is required and I needed to test that a token/vault is present). There are some good standalone Vault PowerShell modules in the PowerShell Gallery. Alternatively, the Vault Agent also works the best and is maintained by HashiCorp. 😀
So, where is the "better documentation"? You don't give enough examples to figure out how to use your module.
Can you provide more examples on general usage? I'm having trouble figuring out exactly how to access secrets.