diff --git a/CHANGELOG.md b/CHANGELOG.md
index 55870a4..8dde243 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,12 @@ The format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/) loos
## Unreleased
+## 2026.06.07.0017
+
+- Build produced from commit 77cb03ec9845.
+
+## Unreleased (carried forward)
+
- Added Organization CRUD cmdlets: `Get-InfisicalOrganization`, `New-InfisicalOrganization`, `Update-InfisicalOrganization`, `Remove-InfisicalOrganization`. `Get` lists every organization the active session can see (List parameter set, default) and returns a single record when `-OrganizationId` is supplied (Single parameter set). `New`/`Update`/`Remove` honor `-WhatIf`/`-Confirm`; `Remove` defaults to High `ConfirmImpact` and supports `-PassThru`. No project context required. Backed by new `InfisicalOrganization` model, DTO, mapper, and client wired into `InfisicalEndpointRegistry` (`ListOrganizations`, `RetrieveOrganization`, `CreateOrganization`, `UpdateOrganization`, `DeleteOrganization`).
- Added Sub-Organization CRUD cmdlets: `Get-InfisicalSubOrganization`, `New-InfisicalSubOrganization`, `Update-InfisicalSubOrganization`, `Remove-InfisicalSubOrganization`, targeting the `/api/v1/sub-organizations` Beta endpoints. `Get` lists by default and accepts optional `-Limit`, `-Offset`, `-Search`, `-OrderBy`, `-OrderDirection`, and `-IsAccessible` query parameters; supplying `-SubOrganizationId` returns a single record. `New`/`Update`/`Remove` honor `-WhatIf`/`-Confirm`; `Remove` defaults to High `ConfirmImpact` and supports `-PassThru`. No project context required. Backed by new `InfisicalSubOrganization` model, DTO, mapper, and client wired into `InfisicalEndpointRegistry` (`ListSubOrganizations`, `RetrieveSubOrganization`, `CreateSubOrganization`, `UpdateSubOrganization`, `DeleteSubOrganization`).
- Added `Get-InfisicalSANList` cmdlet: emits a deduplicated SAN candidate set containing the local device name, the device name suffixed with each non-empty DNS suffix found across operational adapters and the system primary domain, every IPv4 unicast address falling within RFC 1918 (10/8, 172.16/12, 192.168/16) or CGNAT (100.64/10), and the IPv4/IPv6 loopback addresses (127.0.0.1, ::1). Intended to feed `Request-InfisicalCertificate -DnsName` directly.
diff --git a/Module/PSInfisicalAPI/PSInfisicalAPI.psd1 b/Module/PSInfisicalAPI/PSInfisicalAPI.psd1
index 2c94d87..e8b4746 100644
--- a/Module/PSInfisicalAPI/PSInfisicalAPI.psd1
+++ b/Module/PSInfisicalAPI/PSInfisicalAPI.psd1
@@ -1,6 +1,6 @@
@{
RootModule = 'PSInfisicalAPI.psm1'
- ModuleVersion = '2026.06.06.2229'
+ ModuleVersion = '2026.06.07.0017'
GUID = 'b8a2f3d4-7c51-4d2f-9e6a-1f0c8b3d4e51'
Author = 'Grace Solutions'
CompanyName = 'Grace Solutions'
@@ -35,6 +35,14 @@
'New-InfisicalTag',
'Update-InfisicalTag',
'Remove-InfisicalTag',
+ 'Get-InfisicalOrganization',
+ 'New-InfisicalOrganization',
+ 'Update-InfisicalOrganization',
+ 'Remove-InfisicalOrganization',
+ 'Get-InfisicalSubOrganization',
+ 'New-InfisicalSubOrganization',
+ 'Update-InfisicalSubOrganization',
+ 'Remove-InfisicalSubOrganization',
'Get-InfisicalCertificateAuthority',
'Get-InfisicalPkiSubscriber',
'Get-InfisicalCertificateProfile',
@@ -51,7 +59,8 @@
'Get-InfisicalScepMdmProfile',
'Export-InfisicalScepMdmProfile',
'Write-InfisicalScepMdmProfileToWmi',
- 'Start-InfisicalProcess'
+ 'Start-InfisicalProcess',
+ 'Get-InfisicalSANList'
)
AliasesToExport = @()
VariablesToExport = @()
@@ -63,7 +72,7 @@
LicenseUri = 'https://www.gnu.org/licenses/agpl-3.0.html'
ProjectUri = 'https://prod.git.gracesolution.info/gsadmin/PSInfisicalAPI'
ReleaseNotes = 'See CHANGELOG.md in the project repository for release history.'
- CommitHash = '207e7429e448'
+ CommitHash = '77cb03ec9845'
}
}
}
\ No newline at end of file
diff --git a/Module/PSInfisicalAPI/bin/PSInfisicalAPI.dll b/Module/PSInfisicalAPI/bin/PSInfisicalAPI.dll
index b51ab16..9376fcb 100644
Binary files a/Module/PSInfisicalAPI/bin/PSInfisicalAPI.dll and b/Module/PSInfisicalAPI/bin/PSInfisicalAPI.dll differ
diff --git a/Module/PSInfisicalAPI/bin/en-US/PSInfisicalAPI.dll-Help.xml b/Module/PSInfisicalAPI/bin/en-US/PSInfisicalAPI.dll-Help.xml
index 7b31ff4..24f3026 100644
--- a/Module/PSInfisicalAPI/bin/en-US/PSInfisicalAPI.dll-Help.xml
+++ b/Module/PSInfisicalAPI/bin/en-US/PSInfisicalAPI.dll-Help.xml
@@ -1701,4 +1701,322 @@ $StartInfisicalProcessResult = Start-InfisicalProcess @StartInfisicalProcessPara
+
+
+ Get-InfisicalOrganization
+ Lists or retrieves Infisical organizations accessible to the current identity.
+ Get
+ InfisicalOrganization
+
+
+ Default (List parameter set) returns every organization the active session can see; visibility is governed by Infisical's role assignments. When -OrganizationId is supplied (Single parameter set) the cmdlet returns one organization. Does not require a project context.
+
+
+ Notes
+
+ The List-mode result is an array of InfisicalOrganization objects; pipe into Where-Object or Select-Object to filter by Slug, Name, or Id. The cmdlet accepts pipeline input by property name on -OrganizationId.
+
+
+
+
+ EXAMPLE 1
+ Get-InfisicalOrganization
+ Lists every organization the current session can see.
+
+
+ EXAMPLE 2
+ Get-InfisicalOrganization -OrganizationId $OrganizationId
+ Retrieves the canonical record for a single organization by id.
+
+
+
+
+
+
+ New-InfisicalOrganization
+ Creates a new Infisical organization.
+ New
+ InfisicalOrganization
+
+
+ Creates a new organization with the supplied name and optional slug. Honors -WhatIf and -Confirm. Requires server-side permission to create organizations.
+
+
+ Notes
+
+ Slug must be unique server-side; if omitted, the server derives one from the name.
+
+
+
+
+ EXAMPLE 1
+ New-InfisicalOrganization -Name 'Acme Corporation'
+ Creates a new organization named 'Acme Corporation' with a server-derived slug.
+
+
+ EXAMPLE 2
+ $NewInfisicalOrganizationParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
+$NewInfisicalOrganizationParameters.Name = 'Acme Corporation'
+$NewInfisicalOrganizationParameters.Slug = 'acme-corp'
+$NewInfisicalOrganizationParameters.Verbose = $True
+
+$NewInfisicalOrganizationResult = New-InfisicalOrganization @NewInfisicalOrganizationParameters
+ Creates an organization with an explicit slug.
+
+
+
+
+
+
+ Update-InfisicalOrganization
+ Updates mutable attributes on an existing Infisical organization.
+ Update
+ InfisicalOrganization
+
+
+ Updates the name or slug of an organization. -OrganizationId is required. Only bound parameters are transmitted. Honors -WhatIf and -Confirm.
+
+
+ Notes
+
+ Renaming or re-slugging an organization may affect billing exports and identity URLs; coordinate with downstream consumers.
+
+
+
+
+ EXAMPLE 1
+ Update-InfisicalOrganization -OrganizationId $OrganizationId -Name 'Acme Corp.'
+ Renames the supplied organization.
+
+
+ EXAMPLE 2
+ $UpdateInfisicalOrganizationParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
+$UpdateInfisicalOrganizationParameters.OrganizationId = $OrganizationId
+$UpdateInfisicalOrganizationParameters.Name = 'Acme Corp.'
+$UpdateInfisicalOrganizationParameters.Slug = 'acme-corp'
+$UpdateInfisicalOrganizationParameters.Verbose = $True
+
+$UpdateInfisicalOrganizationResult = Update-InfisicalOrganization @UpdateInfisicalOrganizationParameters
+ Renames the organization and updates its slug.
+
+
+
+
+
+
+ Remove-InfisicalOrganization
+ Deletes an Infisical organization.
+ Remove
+ InfisicalOrganization
+
+
+ Deletes an organization by id. -OrganizationId is required. High ConfirmImpact prompts unless -Confirm:$False is supplied. -PassThru emits the removed organization id.
+
+
+ Notes
+
+ This is irreversible and removes all projects, sub-organizations, secrets, and identities owned by the organization. Honors -WhatIf and -Confirm.
+
+
+
+
+ EXAMPLE 1
+ Remove-InfisicalOrganization -OrganizationId $OrganizationId -Confirm:$False
+ Deletes the supplied organization without prompting.
+
+
+ EXAMPLE 2
+ $RemoveInfisicalOrganizationParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
+$RemoveInfisicalOrganizationParameters.OrganizationId = $OrganizationId
+$RemoveInfisicalOrganizationParameters.PassThru = $True
+$RemoveInfisicalOrganizationParameters.Confirm = $False
+$RemoveInfisicalOrganizationParameters.Verbose = $True
+
+$RemoveInfisicalOrganizationResult = Remove-InfisicalOrganization @RemoveInfisicalOrganizationParameters
+ Removes the organization without confirmation and emits the removed organization id for logging.
+
+
+
+
+
+
+ Get-InfisicalSubOrganization
+ Lists or retrieves Infisical sub-organizations accessible to the current identity.
+ Get
+ InfisicalSubOrganization
+
+
+ Default (List parameter set) returns every sub-organization the active session can see. Optional -Limit, -Offset, -Search, -OrderBy, -OrderDirection, and -IsAccessible are forwarded to the server as query parameters. When -SubOrganizationId is supplied (Single parameter set) the cmdlet returns one sub-organization. Does not require a project context.
+
+
+ Notes
+
+ Sub-organizations are a beta Infisical feature. The List result is an array of InfisicalSubOrganization objects; pipe into Where-Object or Select-Object to filter further. The cmdlet accepts pipeline input by property name on -SubOrganizationId.
+
+
+
+
+ EXAMPLE 1
+ Get-InfisicalSubOrganization
+ Lists every sub-organization the current session can see.
+
+
+ EXAMPLE 2
+ Get-InfisicalSubOrganization -SubOrganizationId $SubOrganizationId
+ Retrieves the canonical record for a single sub-organization by id.
+
+
+ EXAMPLE 3
+ Get-InfisicalSubOrganization -Search 'platform' -OrderBy 'name' -OrderDirection 'asc' -Limit 25 -IsAccessible
+ Lists up to 25 sub-organizations matching 'platform', sorted ascending by name, restricted to those the current identity has access to.
+
+
+
+
+
+
+ New-InfisicalSubOrganization
+ Creates a new Infisical sub-organization.
+ New
+ InfisicalSubOrganization
+
+
+ Creates a sub-organization with the supplied name and slug. Both are required by the server. Honors -WhatIf and -Confirm.
+
+
+ Notes
+
+ Slug must be unique within the parent organization. Sub-organizations are a beta Infisical feature.
+
+
+
+
+ EXAMPLE 1
+ New-InfisicalSubOrganization -Name 'Platform Engineering' -Slug 'platform-eng'
+ Creates a new sub-organization named 'Platform Engineering' with slug 'platform-eng'.
+
+
+ EXAMPLE 2
+ $NewInfisicalSubOrganizationParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
+$NewInfisicalSubOrganizationParameters.Name = 'Platform Engineering'
+$NewInfisicalSubOrganizationParameters.Slug = 'platform-eng'
+$NewInfisicalSubOrganizationParameters.Verbose = $True
+
+$NewInfisicalSubOrganizationResult = New-InfisicalSubOrganization @NewInfisicalSubOrganizationParameters
+ Splatted invocation that creates a sub-organization and logs the request via the verbose stream.
+
+
+
+
+
+
+ Update-InfisicalSubOrganization
+ Updates mutable attributes on an existing Infisical sub-organization.
+ Update
+ InfisicalSubOrganization
+
+
+ Updates the name or slug of a sub-organization. -SubOrganizationId is required. Only bound parameters are transmitted. Honors -WhatIf and -Confirm.
+
+
+ Notes
+
+ Sub-organizations are a beta Infisical feature; coordinate slug changes with downstream consumers that pin the slug in scripts or configuration files.
+
+
+
+
+ EXAMPLE 1
+ Update-InfisicalSubOrganization -SubOrganizationId $SubOrganizationId -Name 'Platform (v2)'
+ Renames the supplied sub-organization.
+
+
+ EXAMPLE 2
+ $UpdateInfisicalSubOrganizationParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
+$UpdateInfisicalSubOrganizationParameters.SubOrganizationId = $SubOrganizationId
+$UpdateInfisicalSubOrganizationParameters.Name = 'Platform (v2)'
+$UpdateInfisicalSubOrganizationParameters.Slug = 'platform-v2'
+$UpdateInfisicalSubOrganizationParameters.Verbose = $True
+
+$UpdateInfisicalSubOrganizationResult = Update-InfisicalSubOrganization @UpdateInfisicalSubOrganizationParameters
+ Renames the sub-organization and updates its slug in a single call.
+
+
+
+
+
+
+ Remove-InfisicalSubOrganization
+ Deletes an Infisical sub-organization.
+ Remove
+ InfisicalSubOrganization
+
+
+ Deletes a sub-organization by id. -SubOrganizationId is required. High ConfirmImpact prompts unless -Confirm:$False is supplied. -PassThru emits the removed sub-organization id.
+
+
+ Notes
+
+ This is destructive and removes all projects, secrets, and identities scoped to the sub-organization. Honors -WhatIf and -Confirm.
+
+
+
+
+ EXAMPLE 1
+ Remove-InfisicalSubOrganization -SubOrganizationId $SubOrganizationId -Confirm:$False
+ Deletes the supplied sub-organization without prompting.
+
+
+ EXAMPLE 2
+ $RemoveInfisicalSubOrganizationParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
+$RemoveInfisicalSubOrganizationParameters.SubOrganizationId = $SubOrganizationId
+$RemoveInfisicalSubOrganizationParameters.PassThru = $True
+$RemoveInfisicalSubOrganizationParameters.Confirm = $False
+$RemoveInfisicalSubOrganizationParameters.Verbose = $True
+
+$RemoveInfisicalSubOrganizationResult = Remove-InfisicalSubOrganization @RemoveInfisicalSubOrganizationParameters
+ Removes the sub-organization without confirmation and emits the removed id for logging.
+
+
+
+
+
+
+ Get-InfisicalSANList
+ Builds a deduplicated list of Subject Alternative Name candidates for the local device.
+ Get
+ InfisicalSANList
+
+
+ Returns, in order: the local device name; the device name suffixed with each non-empty DNS suffix found on any operational (non-loopback) network adapter and the system primary domain; every IPv4 unicast address whose first octets fall within RFC 1918 (10/8, 172.16/12, 192.168/16) or CGNAT (100.64/10); and the IPv4 and IPv6 loopback addresses (127.0.0.1, ::1). Optional -InclusionExpression and -ExclusionExpression regex filters are applied in that order after collection, before output. Suitable as a one-shot SAN provider for Request-InfisicalCertificate -DnsName.
+
+
+ Notes
+
+ Output is a single strongly-typed System.String[] array (emitted non-enumerated) so it round-trips into [System.Collections.Generic.List[string]]::AddRange() and binds directly to string[] parameters such as Request-InfisicalCertificate -DnsName. The device name comes first so it can be reused as a CommonName. Routable public IPv4 addresses, link-local addresses, and IPv6 unicast addresses other than loopback are intentionally excluded. -InclusionExpression and -ExclusionExpression are case-insensitive .NET regular expressions; inclusion is applied first, then exclusion.
+
+
+
+
+ EXAMPLE 1
+ Get-InfisicalSANList
+ Returns the SAN candidate list for the current device.
+
+
+ EXAMPLE 2
+ $Sans = Get-InfisicalSANList
+Request-InfisicalCertificate -ProjectId $ProjectId -CertificateAuthorityId $CaId -CommonName $Sans[0] -DnsName $Sans -Ttl '90d'
+ Captures the SAN list, then uses the device name as the CommonName and the full list as DnsName when requesting a certificate.
+
+
+ EXAMPLE 3
+ $GetInfisicalSANListParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
+$GetInfisicalSANListParameters.InclusionExpression = '\.gracesolution\.prv$|^10\.|^172\.'
+$GetInfisicalSANListParameters.ExclusionExpression = '^127\.|^::1$'
+$Sans = Get-InfisicalSANList @GetInfisicalSANListParameters
+ Keeps only entries ending in the corporate DNS suffix or sitting in the 10/8 or 172/12 ranges, then drops loopback. Filters are case-insensitive and applied in fetch -> include -> exclude -> output order.
+
+
+
+