Add -Kind switch to Get-InfisicalCertificateAuthority

List parameter set gains -Kind Internal|Acme|Any. Internal (default) preserves current behavior against /api/v1/cert-manager/ca/internal. Any binds to the generic /api/v1/cert-manager/ca endpoint returning both internal and ACME CAs. Acme uses the generic endpoint and client-side filters to type=acme. ById retrieval is unchanged and still resolves against the internal CA endpoint. The existing InfisicalCertificateAuthority model already exposes a Type property to distinguish entries when -Kind Any is used. MAML help updated.

src/PSInfisicalAPI/Cmdlets/GetInfisicalCertificateAuthorityCmdlet.cs

@@ -16,6 +16,10 @@ namespace PSInfisicalAPI.Cmdlets
 
         [Parameter] public string ProjectId { get; set; }
 
+        [Parameter(ParameterSetName = "List")]
+        [ValidateSet("Internal", "Acme", "Any")]
+        public string Kind { get; set; } = "Internal";
+
         protected override void ProcessRecord()
         {
             try
@@ -34,7 +38,20 @@ namespace PSInfisicalAPI.Cmdlets
                     return;
                 }
 
-                InfisicalCertificateAuthority[] all = client.ListInternalCertificateAuthorities(connection, ProjectId);
+                InfisicalCertificateAuthority[] all;
+                if (string.Equals(Kind, "Internal", StringComparison.OrdinalIgnoreCase))
+                {
+                    all = client.ListInternalCertificateAuthorities(connection, ProjectId);
+                }
+                else
+                {
+                    all = client.ListAllCertificateAuthorities(connection, ProjectId);
+                    if (string.Equals(Kind, "Acme", StringComparison.OrdinalIgnoreCase))
+                    {
+                        all = FilterByType(all, "acme");
+                    }
+                }
+
                 foreach (InfisicalCertificateAuthority ca in all)
                 {
                     WriteObject(ca);
@@ -45,5 +62,20 @@ namespace PSInfisicalAPI.Cmdlets
                 ThrowTerminatingForException("GetInfisicalCertificateAuthorityCmdlet", "GetCertificateAuthority", exception);
             }
         }
+
+        private static InfisicalCertificateAuthority[] FilterByType(InfisicalCertificateAuthority[] source, string type)
+        {
+            if (source == null || source.Length == 0) { return Array.Empty<InfisicalCertificateAuthority>(); }
+            System.Collections.Generic.List<InfisicalCertificateAuthority> kept = new System.Collections.Generic.List<InfisicalCertificateAuthority>();
+            foreach (InfisicalCertificateAuthority ca in source)
+            {
+                if (ca != null && string.Equals(ca.Type, type, StringComparison.OrdinalIgnoreCase))
+                {
+                    kept.Add(ca);
+                }
+            }
+
+            return kept.ToArray();
+        }
     }
 }

src/PSInfisicalAPI/Endpoints/InfisicalEndpointNames.cs

@@ -60,5 +60,7 @@ namespace PSInfisicalAPI.Endpoints
 
         public const string ListCertificatePolicies = "ListCertificatePolicies";
         public const string GetCertificatePolicy = "GetCertificatePolicy";
+
+        public const string ListCertificateAuthorities = "ListCertificateAuthorities";
     }
 }

src/PSInfisicalAPI/Endpoints/InfisicalEndpointRegistry.cs

@@ -682,6 +682,16 @@ namespace PSInfisicalAPI.Endpoints
                 Template = "/api/v1/cert-manager/certificate-policies/{certificatePolicyId}",
                 RequiresAuthorization = true
             });
+
+            Add(map, new InfisicalEndpointDefinition
+            {
+                Name = InfisicalEndpointNames.ListCertificateAuthorities,
+                Resource = "Pki",
+                Version = "v1",
+                Method = "GET",
+                Template = "/api/v1/cert-manager/ca",
+                RequiresAuthorization = true
+            });
         }
 
         public static InfisicalEndpointDefinition Get(string name)

src/PSInfisicalAPI/Pki/InfisicalPkiClient.cs

@@ -91,6 +91,36 @@ namespace PSInfisicalAPI.Pki
             }
         }
 
+        public InfisicalCertificateAuthority[] ListAllCertificateAuthorities(InfisicalConnection connection, string projectId)
+        {
+            if (connection == null) { throw new ArgumentNullException(nameof(connection)); }
+            string resolvedProjectId = FirstNonEmpty(projectId, connection.ProjectId);
+            if (string.IsNullOrEmpty(resolvedProjectId)) { throw new InfisicalConfigurationException("ProjectId is required."); }
+
+            List<KeyValuePair<string, string>> query = new List<KeyValuePair<string, string>>
+            {
+                new KeyValuePair<string, string>("projectId", resolvedProjectId)
+            };
+
+            try
+            {
+                _logger.Information(Component, "Attempting to list Infisical certificate authorities. Please Wait...");
+                InfisicalHttpResponse response = _invoker.InvokeWithCandidateFallback(connection, InfisicalEndpointNames.ListCertificateAuthorities, "ListCertificateAuthorities", null, query, null);
+                string body = response.Body;
+                response.Clear();
+
+                List<InfisicalInternalCaResponseDto> source = ParseCaListBody(body);
+                InfisicalCertificateAuthority[] mapped = InfisicalCaMapper.MapMany(source, resolvedProjectId);
+                _logger.Information(Component, "Infisical certificate authority list retrieval was successful.");
+                return mapped;
+            }
+            catch (Exception)
+            {
+                _logger.Error(Component, "Infisical certificate authority list retrieval failed.");
+                throw;
+            }
+        }
+
         public InfisicalCertificate RetrieveCertificate(InfisicalConnection connection, string identifier)
         {
             if (connection == null) { throw new ArgumentNullException(nameof(connection)); }