Default -ViewSecretValue to true; reject <hidden-by-infisical> placeholder

Get-InfisicalSecrets and Get-InfisicalSecret now return real secret values by default. Pass -ViewSecretValue:False to opt in to the server's hidden response. InfisicalSecretMapper detects the <hidden-by-infisical> placeholder and the secretValueHidden flag; in either case SecretValue is set to null instead of pushing the literal placeholder into a SecureString, so downstream auth/export/dictionary consumers can never silently use the placeholder as if it were a real secret.
GraceSolutions
2026-06-02 21:34:16 -04:00
parent 7be0b7b420
commit dce97e98de
7 changed files with 23 additions and 8 deletions
@@ -19,7 +19,7 @@ namespace PSInfisicalAPI.Cmdlets
[Parameter] public string ApiVersion { get; set; }
[Parameter] public int? Version { get; set; }
[Parameter] public InfisicalSecretType Type { get; set; } = InfisicalSecretType.Shared;
[Parameter] public SwitchParameter ViewSecretValue { get; set; }
[Parameter] public SwitchParameter ViewSecretValue { get; set; } = SwitchParameter.Present;
[Parameter] public SwitchParameter ExpandSecretReferences { get; set; }
[Parameter] public SwitchParameter IncludeImports { get; set; }
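Review bot: The new initializer `= SwitchParameter.Present` on `ViewSecretValue` makes clear-text retrieval the default, yet nothing at the declaration says so; the same applies to the identical change in the second cmdlet hunk. A switch that is on by default can only be turned off with the explicit form `-ViewSecretValue:$false`, which is easy to miss in scripts that log or export the returned objects. I would add `/// <summary>Defaults to present: secret values are returned unless the caller passes -ViewSecretValue:$false.</summary>` above both properties. If any code checks whether the parameter was bound rather than reading its value, confirm it still behaves as intended; no such code is visible here. Both class bodies start and end outside these hunks.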
@@ -20,7 +20,7 @@ namespace PSInfisicalAPI.Cmdlets
[Parameter] public SwitchParameter IncludeImports { get; set; }
[Parameter] public SwitchParameter IncludePersonalOverrides { get; set; }
[Parameter] public SwitchParameter ExpandSecretReferences { get; set; }
[Parameter] public SwitchParameter ViewSecretValue { get; set; }
[Parameter] public SwitchParameter ViewSecretValue { get; set; } = SwitchParameter.Present;
[Parameter] public Hashtable MetadataFilter { get; set; }
[Parameter] public string[] TagSlugs { get; set; }
@@ -15,6 +15,8 @@ namespace PSInfisicalAPI.Secrets
return null;
}
bool hidden = dto.SecretValueHidden || IsHiddenPlaceholder(dto.SecretValue);
InfisicalSecret secret = new InfisicalSecret
{
Id = dto.Id,
@@ -24,8 +26,8 @@ namespace PSInfisicalAPI.Secrets
Version = dto.Version,
Type = ParseType(dto.Type),
SecretName = dto.SecretKey,
SecretValue = SecureStringUtility.ToReadOnlySecureString(dto.SecretValue),
SecretValueHidden = dto.SecretValueHidden,
SecretValue = hidden ? null : SecureStringUtility.ToReadOnlySecureString(dto.SecretValue),
SecretValueHidden = hidden,
SecretPath = dto.SecretPath,
SecretComment = dto.SecretComment,
CreatedAtUtc = ParseTimestamp(dto.CreatedAt),
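Review bot: `SecretValue = hidden ? null : ...` hands callers a null SecureString with no comment saying that null now means "the server withheld the value", so a consumer that does not check `SecretValueHidden` first may dereference null or treat the secret as empty. With values requested by default, a hidden response probably means the identity lacks permission to view the value, and a warning from the cmdlet would surface that better than the object flag alone; the cmdlet code is not in these hunks. Also, `hidden` (computed in the previous hunk) is true whenever the value equals the placeholder, even if `dto.SecretValueHidden` is false, so a stored secret whose real value is that literal is dropped. That trade-off deserves a comment such as `// Fail closed: never wrap the server placeholder in a SecureString; callers must check SecretValueHidden before using SecretValue.` The object initializer starts in the previous hunk and continues past this one.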
@@ -41,6 +43,11 @@ namespace PSInfisicalAPI.Secrets
return secret;
}
private static bool IsHiddenPlaceholder(string value)
{
return string.Equals(value, "<hidden-by-infisical>", StringComparison.Ordinal);
}
public static InfisicalSecret[] MapMany(IEnumerable<InfisicalSecretResponseDto> items)
{
if (items == null)
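Review bot: `IsHiddenPlaceholder` compares against an inline literal with no note on where the string comes from; a named constant would keep the mapper and any tests in step, e.g. `private const string HiddenPlaceholder = "<hidden-by-infisical>";`. The match is exact and ordinal, so a variant with different casing or surrounding whitespace would not be recognised and would be wrapped as a real value. The `SecretValueHidden` flag is the other guard; if the string check is meant as a fallback for responses that omit the flag, a short comment should say so. `MapMany` continues outside the hunk.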