joshcorr / SecretManagement.Hashicorp.Vault.KV

A PowerShell SecretManagement extension for Hashicorp Vault Key Value Engine
MIT License

Improvement/unattended authentication issue38 #39

Open phillippover opened 2 years ago

phillippover commented 2 years ago

Added Login parameter to AdditionalParameters. If Login is found when invoking Unlock-SecretVault with a supplied [SecureString]Password, a credential object is created to authenticate. If no Login is supplied, existing Read-Host functionality is maintained. Works with both userpass and AppRole authentication methods supported.

Example of use: (these are generated UUIDs, not ones in use anywhere, provided as examples)

```powershell
Register-SecretVault -ModuleName SecretManagement.Hashicorp.Vault.KV -Name "secret" -VaultParameters @{VaultServer = "http://localhost:8200"; VaultAuthType = "AppRole"; KVVersion = 'v1'; Login = "673f53a5-d513-459d-961d-e22771ddf147"}
Unlock-SecretVault -Name "secret" -Password (ConvertTo-SecureString "3c1f10e8-9899-4e75-b3f2-6a3752874562" -AsPlainText -Force)
```
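
An unattended run built on the Login parameter described above, written so that the AppRole SecretID never appears as a literal in the script. This is an added example, not code from the pull request or the project. It assumes the parameter behaves as the description states; the `VAULT_SECRET_ID` environment variable and the `app/config` secret name are hypothetical placeholders.

```powershell
#Requires -Modules Microsoft.PowerShell.SecretManagement
# Added example: unattended AppRole unlock with the SecretID injected at run time.
# Assumptions: VAULT_SECRET_ID is set by the scheduler or CI runner (hypothetical name);
# 'app/config' is a placeholder secret name; Login works as described in this pull request.

$vaultName = 'secret'

# Register once. The RoleID (Login) is the counterpart of a username,
# so it can live in the vault registration; the SecretID must not.
if (-not (Get-SecretVault -Name $vaultName -ErrorAction SilentlyContinue)) {
    Register-SecretVault -ModuleName SecretManagement.Hashicorp.Vault.KV -Name $vaultName -VaultParameters @{
        VaultServer   = 'http://localhost:8200'
        VaultAuthType = 'AppRole'
        KVVersion     = 'v1'
        Login         = '673f53a5-d513-459d-961d-e22771ddf147'  # example UUID from the PR description
    }
}

# Fail fast rather than block on an interactive prompt in a job with no console.
$secretId = $env:VAULT_SECRET_ID
if ([string]::IsNullOrWhiteSpace($secretId)) {
    throw 'VAULT_SECRET_ID is not set; refusing to continue an unattended run.'
}

try {
    $secure = ConvertTo-SecureString -String $secretId -AsPlainText -Force
    Unlock-SecretVault -Name $vaultName -Password $secure -ErrorAction Stop
    $value = Get-Secret -Name 'app/config' -Vault $vaultName -ErrorAction Stop
}
finally {
    # Drop the plaintext copies from this process once the unlock attempt is over.
    Remove-Item -Path Env:\VAULT_SECRET_ID -ErrorAction SilentlyContinue
    Remove-Variable -Name secretId -ErrorAction SilentlyContinue
}
```
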
jamie-wick commented 1 year ago

Is this still being worked on? We have a project where we would like to use an AppRole (non-interactive prompt) to return secret(s) from a Hashicorp vault. This looks like it might work for us.

joshcorr commented 1 year ago

Waiting on @phillippover to respond to or implement the requested changes.