feat: gate -Prefix to skip already-prefixed names; add -ForcePrefix override on ConvertTo/Import/Export/Start cmdlets

2026-06-07 10:35:18 -04:00
parent b5575222eb
commit 97193d46f2
8 changed files with 44 additions and 13 deletions
@@ -295,7 +295,7 @@ $CopyInfisicalSecretResult = Copy-InfisicalSecret @CopyInfisicalSecretParameters
      <command:noun>InfisicalSecretDictionary</command:noun>
    </command:details>
    <maml:description>
-      <maml:para>Aggregates an incoming pipeline of InfisicalSecret objects into a case-insensitive Dictionary keyed by SecretName. By default values are SecureString; pass -AsPlainText to materialize string values. Duplicate keys are handled via the -DuplicateKeyBehavior parameter (Error, FirstWins, LastWins). -Prefix prepends a string to every dictionary key (e.g. SecretName 'API_KEY' with -Prefix 'MYAPP_' becomes key 'MYAPP_API_KEY'); the underlying InfisicalSecret objects are not mutated.</maml:para>
+      <maml:para>Aggregates an incoming pipeline of InfisicalSecret objects into a case-insensitive Dictionary keyed by SecretName. By default values are SecureString; pass -AsPlainText to materialize string values. Duplicate keys are handled via the -DuplicateKeyBehavior parameter (Error, FirstWins, LastWins). -Prefix prepends a string to every dictionary key (e.g. SecretName 'API_KEY' with -Prefix 'MYAPP_' becomes key 'MYAPP_API_KEY'); the underlying InfisicalSecret objects are not mutated. A SecretName that already starts with -Prefix (case-insensitive) is left as-is to avoid double-prefixing; pass -ForcePrefix to always prepend.</maml:para>
    </maml:description>
    <maml:alertSet>
      <maml:title>Notes</maml:title>
@@ -338,7 +338,7 @@ $ConvertToInfisicalSecretDictionaryResult = ConvertTo-InfisicalSecretDictionary
      <command:noun>InfisicalSecrets</command:noun>
    </command:details>
    <maml:description>
-      <maml:para>Buffers an incoming pipeline of InfisicalSecret objects and writes them to a file in the requested format (DotEnv, Json, Yaml, EnvironmentVariables, etc.) or sets them as environment variables on the chosen scope (Process, User, Machine). -Encoding controls text encoding for file outputs. -Prefix prepends a string to every emitted variable name regardless of format.</maml:para>
+      <maml:para>Buffers an incoming pipeline of InfisicalSecret objects and writes them to a file in the requested format (DotEnv, Json, Yaml, EnvironmentVariables, etc.) or sets them as environment variables on the chosen scope (Process, User, Machine). -Encoding controls text encoding for file outputs. -Prefix prepends a string to every emitted variable name regardless of format; names that already start with -Prefix (case-insensitive) are left as-is to avoid double-prefixing. Pass -ForcePrefix to always prepend.</maml:para>
    </maml:description>
    <maml:alertSet>
      <maml:title>Notes</maml:title>
@@ -382,7 +382,7 @@ $ExportInfisicalSecretsResult = Export-InfisicalSecrets @ExportInfisicalSecretsP
      <command:noun>InfisicalSecret</command:noun>
    </command:details>
    <maml:description>
-      <maml:para>Loads the file at -Path (which must exist) using the parser matching -Format and returns a case-insensitive Dictionary keyed by SecretName. By default values are SecureString; pass -AsPlainText for a plain string dictionary. -Prefix prepends to every emitted key. -DuplicateKeyBehavior controls collision handling (Error, FirstWins, LastWins). The EnvironmentVariables format is intentionally not supported here; use [Environment]::GetEnvironmentVariable or Get-InfisicalEnvironmentVariable for environment-backed values.</maml:para>
+      <maml:para>Loads the file at -Path (which must exist) using the parser matching -Format and returns a case-insensitive Dictionary keyed by SecretName. By default values are SecureString; pass -AsPlainText for a plain string dictionary. -Prefix prepends to every emitted key; keys already starting with -Prefix (case-insensitive) are left as-is to avoid double-prefixing, and -ForcePrefix overrides that gate. -DuplicateKeyBehavior controls collision handling (Error, FirstWins, LastWins). The EnvironmentVariables format is intentionally not supported here; use [Environment]::GetEnvironmentVariable or Get-InfisicalEnvironmentVariable for environment-backed values.</maml:para>
    </maml:description>
    <maml:alertSet>
      <maml:title>Notes</maml:title>
@@ -1705,7 +1705,7 @@ $WriteInfisicalScepMdmProfileToWmiResult = Write-InfisicalScepMdmProfileToWmi @W
      <command:noun>InfisicalProcess</command:noun>
    </command:details>
    <maml:description>
-      <maml:para>Launches the executable specified by -FilePath, captures stdout/stderr, validates the exit code against -AcceptableExitCodeList, and optionally parses output with -ParsingExpression. InfisicalSecret objects supplied via -Secret (pipeline or by name) are decrypted into the ProcessStartInfo.Environment dictionary only, never written to the user or machine scope; -Prefix prepends a string to each injected variable name. -EnvironmentVariables adds additional non-secret values. -ExecutionTimeout, -NoWait, -CreateNoWindow, -WindowStyle, -Priority, -StandardInputObjectList, -SecureArgumentList, -LogOutput, and -ContinueOnError mirror the semantics of the upstream Start-ProcessWithOutput helper. Honors -WhatIf and -Confirm.</maml:para>
+      <maml:para>Launches the executable specified by -FilePath, captures stdout/stderr, validates the exit code against -AcceptableExitCodeList, and optionally parses output with -ParsingExpression. InfisicalSecret objects supplied via -Secret (pipeline or by name) are decrypted into the ProcessStartInfo.Environment dictionary only, never written to the user or machine scope; -Prefix prepends a string to each injected variable name, skipping names that already start with -Prefix (case-insensitive) unless -ForcePrefix is supplied. -EnvironmentVariables adds additional non-secret values. -ExecutionTimeout, -NoWait, -CreateNoWindow, -WindowStyle, -Priority, -StandardInputObjectList, -SecureArgumentList, -LogOutput, and -ContinueOnError mirror the semantics of the upstream Start-ProcessWithOutput helper. Honors -WhatIf and -Confirm.</maml:para>
    </maml:description>
    <maml:alertSet>
      <maml:title>Notes</maml:title>
@@ -2,6 +2,7 @@ using System;
 using System.Collections.Generic;
 using System.Management.Automation;
 using System.Security;
 using PSInfisicalAPI.Common;
 using PSInfisicalAPI.Errors;
 using PSInfisicalAPI.Models;
@@ -24,6 +25,9 @@ namespace PSInfisicalAPI.Cmdlets
        [Parameter]
        public string Prefix { get; set; }
        [Parameter]
        public SwitchParameter ForcePrefix { get; set; }
        private readonly List<InfisicalSecret> _buffer = new List<InfisicalSecret>();
        protected override void ProcessRecord()
@@ -63,11 +67,10 @@ namespace PSInfisicalAPI.Cmdlets
        private Dictionary<string, TValue> BuildDictionary<TValue>(Func<InfisicalSecret, TValue> valueSelector)
        {
            Dictionary<string, TValue> dictionary = new Dictionary<string, TValue>(StringComparer.OrdinalIgnoreCase);
            string prefix = Prefix ?? string.Empty;
            foreach (InfisicalSecret secret in _buffer)
            {
-                string key = string.Concat(prefix, secret.SecretName ?? string.Empty);
+                string key = InfisicalPrefix.Apply(secret.SecretName ?? string.Empty, Prefix, ForcePrefix.IsPresent);
                if (dictionary.ContainsKey(key))
                {
@@ -3,6 +3,7 @@ using System.Collections.Generic;
 using System.IO;
 using System.Management.Automation;
 using System.Text;
 using PSInfisicalAPI.Common;
 using PSInfisicalAPI.Errors;
 using PSInfisicalAPI.Exports;
 using PSInfisicalAPI.Models;
@@ -40,6 +41,9 @@ namespace PSInfisicalAPI.Cmdlets
        [Parameter]
        public string Prefix { get; set; }
        [Parameter]
        public SwitchParameter ForcePrefix { get; set; }
        private readonly List<InfisicalSecret> _buffer = new List<InfisicalSecret>();
        protected override void ProcessRecord()
@@ -71,7 +75,7 @@ namespace PSInfisicalAPI.Cmdlets
                InfisicalExportRequest request = new InfisicalExportRequest
                {
-                    Secrets = ApplyPrefix(_buffer, Prefix),
+                    Secrets = ApplyPrefix(_buffer, Prefix, ForcePrefix.IsPresent),
                    Format = Format,
                    Path = Path,
                    Scope = Scope,
@@ -88,7 +92,7 @@ namespace PSInfisicalAPI.Cmdlets
            }
        }
-        private static InfisicalSecret[] ApplyPrefix(List<InfisicalSecret> source, string prefix)
+        private static InfisicalSecret[] ApplyPrefix(List<InfisicalSecret> source, string prefix, bool force)
        {
            if (string.IsNullOrEmpty(prefix)) { return source.ToArray(); }
@@ -104,7 +108,7 @@ namespace PSInfisicalAPI.Cmdlets
                    Environment = original.Environment,
                    Version = original.Version,
                    Type = original.Type,
-                    SecretName = string.Concat(prefix, original.SecretName),
+                    SecretName = InfisicalPrefix.Apply(original.SecretName, prefix, force),
                    SecretValue = original.SecretValue,
                    SecretValueHidden = original.SecretValueHidden,
                    SecretPath = original.SecretPath,
@@ -3,6 +3,7 @@ using System.Collections.Generic;
 using System.IO;
 using System.Management.Automation;
 using System.Security;
 using PSInfisicalAPI.Common;
 using PSInfisicalAPI.Errors;
 using PSInfisicalAPI.Imports;
 using PSInfisicalAPI.Models;
@@ -31,6 +32,9 @@ namespace PSInfisicalAPI.Cmdlets
        [Parameter]
        public string Prefix { get; set; }
        [Parameter]
        public SwitchParameter ForcePrefix { get; set; }
        protected override void EndProcessing()
        {
            try
@@ -66,12 +70,11 @@ namespace PSInfisicalAPI.Cmdlets
            Func<string, TValue> valueSelector)
        {
            Dictionary<string, TValue> dictionary = new Dictionary<string, TValue>(StringComparer.OrdinalIgnoreCase);
            string prefix = Prefix ?? string.Empty;
            foreach (KeyValuePair<string, string> pair in pairs)
            {
                if (pair.Key == null) { continue; }
-                string key = string.Concat(prefix, pair.Key);
+                string key = InfisicalPrefix.Apply(pair.Key, Prefix, ForcePrefix.IsPresent);
                if (dictionary.ContainsKey(key))
                {
@@ -95,6 +95,9 @@ namespace PSInfisicalAPI.Cmdlets
        [Parameter]
        public string Prefix { get; set; }
        [Parameter]
        public SwitchParameter ForcePrefix { get; set; }
        private readonly List<InfisicalSecret> _secretBuffer = new List<InfisicalSecret>();
        protected override void ProcessRecord()
@@ -135,7 +138,8 @@ namespace PSInfisicalAPI.Cmdlets
                    LogOutput = LogOutput.IsPresent,
                    ContinueOnError = ContinueOnError.IsPresent,
                    Secrets = _secretBuffer.ToArray(),
-                    Prefix = Prefix
+                    Prefix = Prefix,
                    ForcePrefix = ForcePrefix.IsPresent
                };
                InfisicalProcessResult result = InfisicalProcessRunner.Run(options, Logger);
@@ -0,0 +1,15 @@
 using System;
 namespace PSInfisicalAPI.Common
 {
    public static class InfisicalPrefix
    {
        public static string Apply(string original, string prefix, bool force)
        {
            if (string.IsNullOrEmpty(prefix)) { return original ?? string.Empty; }
            if (original == null) { return prefix; }
            if (!force && original.StartsWith(prefix, StringComparison.OrdinalIgnoreCase)) { return original; }
            return string.Concat(prefix, original);
        }
    }
 }
@@ -26,5 +26,6 @@ namespace PSInfisicalAPI.Process
        public bool ContinueOnError { get; set; }
        public InfisicalSecret[] Secrets { get; set; }
        public string Prefix { get; set; }
        public bool ForcePrefix { get; set; }
    }
 }
@@ -6,6 +6,7 @@ using System.Linq;
 using System.Text;
 using System.Text.RegularExpressions;
 using System.Threading;
 using PSInfisicalAPI.Common;
 using PSInfisicalAPI.Logging;
 using PSInfisicalAPI.Models;
 using PSInfisicalAPI.Security;
@@ -39,7 +40,7 @@ namespace PSInfisicalAPI.Process
            foreach (InfisicalSecret secret in options.Secrets)
            {
                if (secret == null || string.IsNullOrEmpty(secret.SecretName) || secret.SecretValue == null) { continue; }
-                string name = string.IsNullOrEmpty(options.Prefix) ? secret.SecretName : string.Concat(options.Prefix, secret.SecretName);
+                string name = InfisicalPrefix.Apply(secret.SecretName, options.Prefix, options.ForcePrefix);
                SecureStringUtility.UsePlainText(secret.SecretValue, plain =>
                {
                    processEnv[name] = plain;