diff --git a/CHANGELOG.md b/CHANGELOG.md index 199874f..7182481 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,14 @@ The format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/) loos ## Unreleased +## 2026.06.03.0131 + +- Build produced from commit 7be0b7b42008. +- **Behavior change**: `Get-InfisicalSecrets` and `Get-InfisicalSecret` now default `-ViewSecretValue` to `$true`. Real secret values are returned by default. To request the redacted/hidden response, pass `-ViewSecretValue:$false`. +- `InfisicalSecretMapper` now treats the server-side `` placeholder as a hidden marker rather than a value: when `secretValueHidden=true` (or the placeholder string is detected) `SecretValue` is set to `null` instead of stuffing the literal into a `SecureString`. This prevents downstream consumers (auth, exports, dictionary conversion) from silently using `` as if it were a real secret. + +## Unreleased (carried forward) + ## 2026.06.03.0113 - Build produced from commit 09c577ebd0fd. diff --git a/Module/PSInfisicalAPI/PSInfisicalAPI.psd1 b/Module/PSInfisicalAPI/PSInfisicalAPI.psd1 index 362cd1a..cd3acdd 100644 --- a/Module/PSInfisicalAPI/PSInfisicalAPI.psd1 +++ b/Module/PSInfisicalAPI/PSInfisicalAPI.psd1 @@ -1,6 +1,6 @@ @{ RootModule = 'PSInfisicalAPI.psm1' - ModuleVersion = '2026.06.03.0113' + ModuleVersion = '2026.06.03.0131' GUID = 'b8a2f3d4-7c51-4d2f-9e6a-1f0c8b3d4e51' Author = 'Grace Solutions' CompanyName = 'Grace Solutions' @@ -27,7 +27,7 @@ LicenseUri = 'https://www.gnu.org/licenses/agpl-3.0.html' ProjectUri = 'https://prod.git.gracesolution.info/gsadmin/PSInfisicalAPI' ReleaseNotes = 'See CHANGELOG.md in the project repository for release history.' - CommitHash = '09c577ebd0fd' + CommitHash = '7be0b7b42008' } } } \ No newline at end of file diff --git a/Module/PSInfisicalAPI/bin/PSInfisicalAPI.dll b/Module/PSInfisicalAPI/bin/PSInfisicalAPI.dll index 8f9805d..0ba2ef8 100644 Binary files a/Module/PSInfisicalAPI/bin/PSInfisicalAPI.dll and b/Module/PSInfisicalAPI/bin/PSInfisicalAPI.dll differ diff --git a/docs/DesignSpec.md b/docs/DesignSpec.md index 7cf3feb..030f81d 100644 --- a/docs/DesignSpec.md +++ b/docs/DesignSpec.md @@ -971,7 +971,7 @@ SecretPath: Current connection DefaultSecretPath or / Recursive: false IncludeImports: false ExpandSecretReferences: false -ViewSecretValue: false +ViewSecretValue: true ``` ## Behavior @@ -1040,7 +1040,7 @@ ProjectId: Current connection ProjectId Environment: Current connection Environment SecretPath: Current connection DefaultSecretPath or / Type: Shared -ViewSecretValue: false +ViewSecretValue: true ExpandSecretReferences: false IncludeImports: false ``` diff --git a/src/PSInfisicalAPI/Cmdlets/GetInfisicalSecretCmdlet.cs b/src/PSInfisicalAPI/Cmdlets/GetInfisicalSecretCmdlet.cs index 6db8d78..eae5ea5 100644 --- a/src/PSInfisicalAPI/Cmdlets/GetInfisicalSecretCmdlet.cs +++ b/src/PSInfisicalAPI/Cmdlets/GetInfisicalSecretCmdlet.cs @@ -19,7 +19,7 @@ namespace PSInfisicalAPI.Cmdlets [Parameter] public string ApiVersion { get; set; } [Parameter] public int? Version { get; set; } [Parameter] public InfisicalSecretType Type { get; set; } = InfisicalSecretType.Shared; - [Parameter] public SwitchParameter ViewSecretValue { get; set; } + [Parameter] public SwitchParameter ViewSecretValue { get; set; } = SwitchParameter.Present; [Parameter] public SwitchParameter ExpandSecretReferences { get; set; } [Parameter] public SwitchParameter IncludeImports { get; set; } diff --git a/src/PSInfisicalAPI/Cmdlets/GetInfisicalSecretsCmdlet.cs b/src/PSInfisicalAPI/Cmdlets/GetInfisicalSecretsCmdlet.cs index 938b5f4..e3e60bb 100644 --- a/src/PSInfisicalAPI/Cmdlets/GetInfisicalSecretsCmdlet.cs +++ b/src/PSInfisicalAPI/Cmdlets/GetInfisicalSecretsCmdlet.cs @@ -20,7 +20,7 @@ namespace PSInfisicalAPI.Cmdlets [Parameter] public SwitchParameter IncludeImports { get; set; } [Parameter] public SwitchParameter IncludePersonalOverrides { get; set; } [Parameter] public SwitchParameter ExpandSecretReferences { get; set; } - [Parameter] public SwitchParameter ViewSecretValue { get; set; } + [Parameter] public SwitchParameter ViewSecretValue { get; set; } = SwitchParameter.Present; [Parameter] public Hashtable MetadataFilter { get; set; } [Parameter] public string[] TagSlugs { get; set; } diff --git a/src/PSInfisicalAPI/Secrets/InfisicalSecretMapper.cs b/src/PSInfisicalAPI/Secrets/InfisicalSecretMapper.cs index b61ce69..944c346 100644 --- a/src/PSInfisicalAPI/Secrets/InfisicalSecretMapper.cs +++ b/src/PSInfisicalAPI/Secrets/InfisicalSecretMapper.cs @@ -15,6 +15,8 @@ namespace PSInfisicalAPI.Secrets return null; } + bool hidden = dto.SecretValueHidden || IsHiddenPlaceholder(dto.SecretValue); + InfisicalSecret secret = new InfisicalSecret { Id = dto.Id, @@ -24,8 +26,8 @@ namespace PSInfisicalAPI.Secrets Version = dto.Version, Type = ParseType(dto.Type), SecretName = dto.SecretKey, - SecretValue = SecureStringUtility.ToReadOnlySecureString(dto.SecretValue), - SecretValueHidden = dto.SecretValueHidden, + SecretValue = hidden ? null : SecureStringUtility.ToReadOnlySecureString(dto.SecretValue), + SecretValueHidden = hidden, SecretPath = dto.SecretPath, SecretComment = dto.SecretComment, CreatedAtUtc = ParseTimestamp(dto.CreatedAt), @@ -41,6 +43,11 @@ namespace PSInfisicalAPI.Secrets return secret; } + private static bool IsHiddenPlaceholder(string value) + { + return string.Equals(value, "", StringComparison.Ordinal); + } + public static InfisicalSecret[] MapMany(IEnumerable items) { if (items == null)