Add plain-text accessors for secrets

InfisicalSecret.GetPlainTextValue() returns the SecureString contents as a managed string for ergonomic PowerShell access. ConvertTo-InfisicalSecretDictionary -AsPlainText emits Dictionary<string,string> instead of Dictionary<string,SecureString>; default behavior unchanged. Export-InfisicalSecrets already writes plain text via secret.UsePlainTextValue(), so no switch was added there.

CHANGELOG.md

@@ -6,6 +6,14 @@ The format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/) loos
 
 ## Unreleased
 
+## 2026.06.03.0113
+
+- Build produced from commit 09c577ebd0fd.
+- Added `InfisicalSecret.GetPlainTextValue()` for direct plain-text access to secret material from PowerShell without needing `Marshal.SecureStringToBSTR`.
+- Added `-AsPlainText` switch to `ConvertTo-InfisicalSecretDictionary`; when present the cmdlet emits `Dictionary<string, string>` instead of the default `Dictionary<string, SecureString>`.
+
+## Unreleased (carried forward)
+
 ## 2026.06.03.0057
 
 - Build produced from commit 7e5209190ac2.

Module/PSInfisicalAPI/PSInfisicalAPI.psd1

@@ -1,6 +1,6 @@
 @{
     RootModule           = 'PSInfisicalAPI.psm1'
-    ModuleVersion        = '2026.06.03.0057'
+    ModuleVersion        = '2026.06.03.0113'
     GUID                 = 'b8a2f3d4-7c51-4d2f-9e6a-1f0c8b3d4e51'
     Author               = 'Grace Solutions'
     CompanyName          = 'Grace Solutions'
@@ -27,7 +27,7 @@
             LicenseUri   = 'https://www.gnu.org/licenses/agpl-3.0.html'
             ProjectUri   = 'https://prod.git.gracesolution.info/gsadmin/PSInfisicalAPI'
             ReleaseNotes = 'See CHANGELOG.md in the project repository for release history.'
-            CommitHash   = '7e5209190ac2'
+            CommitHash   = '09c577ebd0fd'
         }
     }
 }

src/PSInfisicalAPI/Cmdlets/ConvertToInfisicalSecretDictionaryCmdlet.cs

@@ -9,6 +9,7 @@ namespace PSInfisicalAPI.Cmdlets
 {
     [Cmdlet(VerbsData.ConvertTo, "InfisicalSecretDictionary")]
     [OutputType(typeof(Dictionary<string, SecureString>))]
+    [OutputType(typeof(Dictionary<string, string>))]
     public sealed class ConvertToInfisicalSecretDictionaryCmdlet : InfisicalCmdletBase
     {
         [Parameter(Mandatory = true, ValueFromPipeline = true)]
@@ -17,6 +18,9 @@ namespace PSInfisicalAPI.Cmdlets
         [Parameter]
         public InfisicalDuplicateKeyBehavior DuplicateKeyBehavior { get; set; } = InfisicalDuplicateKeyBehavior.Error;
 
+        [Parameter]
+        public SwitchParameter AsPlainText { get; set; }
+
         private readonly List<InfisicalSecret> _buffer = new List<InfisicalSecret>();
 
         protected override void ProcessRecord()
@@ -36,36 +40,50 @@ namespace PSInfisicalAPI.Cmdlets
         {
             try
             {
-                Dictionary<string, SecureString> dictionary = new Dictionary<string, SecureString>(StringComparer.OrdinalIgnoreCase);
+                if (AsPlainText.IsPresent)
-
-                foreach (InfisicalSecret secret in _buffer)
                 {
-                    string key = secret.SecretName ?? string.Empty;
+                    Dictionary<string, string> plain = BuildDictionary<string>(secret => secret.GetPlainTextValue());
-
+                    WriteObject(plain);
-                    if (dictionary.ContainsKey(key))
+                }
-                    {
+                else
-                        if (DuplicateKeyBehavior == InfisicalDuplicateKeyBehavior.Error)
+                {
-                        {
+                    Dictionary<string, SecureString> secure = BuildDictionary<SecureString>(secret => secret.SecretValue);
-                            throw new InfisicalConfigurationException(string.Concat("Duplicate secret name encountered: ", key));
+                    WriteObject(secure);
-                        }
-
-                        if (DuplicateKeyBehavior == InfisicalDuplicateKeyBehavior.LastWins)
-                        {
-                            dictionary[key] = secret.SecretValue;
-                        }
-
-                        continue;
-                    }
-
-                    dictionary[key] = secret.SecretValue;
                 }
-
-                WriteObject(dictionary);
             }
             catch (Exception exception)
             {
                 ThrowTerminatingForException("ConvertToInfisicalSecretDictionaryCmdlet", "ConvertToDictionary", exception);
             }
         }
+
+        private Dictionary<string, TValue> BuildDictionary<TValue>(Func<InfisicalSecret, TValue> valueSelector)
+        {
+            Dictionary<string, TValue> dictionary = new Dictionary<string, TValue>(StringComparer.OrdinalIgnoreCase);
+
+            foreach (InfisicalSecret secret in _buffer)
+            {
+                string key = secret.SecretName ?? string.Empty;
+
+                if (dictionary.ContainsKey(key))
+                {
+                    if (DuplicateKeyBehavior == InfisicalDuplicateKeyBehavior.Error)
+                    {
+                        throw new InfisicalConfigurationException(string.Concat("Duplicate secret name encountered: ", key));
+                    }
+
+                    if (DuplicateKeyBehavior == InfisicalDuplicateKeyBehavior.LastWins)
+                    {
+                        dictionary[key] = valueSelector(secret);
+                    }
+
+                    continue;
+                }
+
+                dictionary[key] = valueSelector(secret);
+            }
+
+            return dictionary;
+        }
     }
 }

src/PSInfisicalAPI/Models/InfisicalSecret.cs

@@ -34,6 +34,12 @@ namespace PSInfisicalAPI.Models
             SecureStringUtility.UsePlainText(SecretValue, action);
         }
 
+        public string GetPlainTextValue()
+        {
+            if (SecretValue == null) { return null; }
+            return SecureStringUtility.UsePlainText(SecretValue, plainText => plainText);
+        }
+
         public override string ToString()
         {
             return SecretName;