gsadmin/PSInfisicalAPI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity

Default -ViewSecretValue to true; reject <hidden-by-infisical> placeholder
Publish to PowerShell Gallery / build (pull_request) Failing after 6s
Details
Publish to PowerShell Gallery / release (pull_request) Has been skipped
Details
Publish to PowerShell Gallery / publish (pull_request) Has been skipped
Details

Browse Source 
Get-InfisicalSecrets and Get-InfisicalSecret now return real secret values by default. Pass -ViewSecretValue:False to opt in to the server's hidden response. InfisicalSecretMapper detects the <hidden-by-infisical> placeholder and the secretValueHidden flag; in either case SecretValue is set to null instead of pushing the literal placeholder into a SecureString, so downstream auth/export/dictionary consumers can never silently use the placeholder as if it were a real secret.
This commit is contained in:
GraceSolutions
2026-06-02 21:34:16 -04:00
parent 7be0b7b420
commit dce97e98de
7 changed files with 23 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
CHANGELOG.md
+8
View File
@@ -6,6 +6,14 @@ The format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/) loos
## Unreleased
## 2026.06.03.0131
- Build produced from commit 7be0b7b42008.
- **Behavior change**: `Get-InfisicalSecrets` and `Get-InfisicalSecret` now default `-ViewSecretValue` to `$true`. Real secret values are returned by default. To request the redacted/hidden response, pass `-ViewSecretValue:$false`.
- `InfisicalSecretMapper` now treats the server-side `<hidden-by-infisical>` placeholder as a hidden marker rather than a value: when `secretValueHidden=true` (or the placeholder string is detected) `SecretValue` is set to `null` instead of stuffing the literal into a `SecureString`. This prevents downstream consumers (auth, exports, dictionary conversion) from silently using `<hidden-by-infisical>` as if it were a real secret.
## Unreleased (carried forward)
## 2026.06.03.0113
- Build produced from commit 09c577ebd0fd.
Module/PSInfisicalAPI/PSInfisicalAPI.psd1
+2 -2
View File
@@ -1,6 +1,6 @@
@{
RootModule = 'PSInfisicalAPI.psm1'
ModuleVersion = '2026.06.03.0113'
ModuleVersion = '2026.06.03.0131'
GUID = 'b8a2f3d4-7c51-4d2f-9e6a-1f0c8b3d4e51'
Author = 'Grace Solutions'
CompanyName = 'Grace Solutions'
@@ -27,7 +27,7 @@
LicenseUri = 'https://www.gnu.org/licenses/agpl-3.0.html'
ProjectUri = 'https://prod.git.gracesolution.info/gsadmin/PSInfisicalAPI'
ReleaseNotes = 'See CHANGELOG.md in the project repository for release history.'
CommitHash = '09c577ebd0fd'
CommitHash = '7be0b7b42008'
}
}
}
Module/PSInfisicalAPI/bin/PSInfisicalAPI.dll
BIN
View File
Binary file not shown.
docs/DesignSpec.md
+2 -2
View File
@@ -971,7 +971,7 @@ SecretPath: Current connection DefaultSecretPath or /
Recursive: false
IncludeImports: false
ExpandSecretReferences: false
ViewSecretValue: false
ViewSecretValue: true
```
## Behavior
@@ -1040,7 +1040,7 @@ ProjectId: Current connection ProjectId
Environment: Current connection Environment
SecretPath: Current connection DefaultSecretPath or /
Type: Shared
ViewSecretValue: false
ViewSecretValue: true
ExpandSecretReferences: false
IncludeImports: false
```
src/PSInfisicalAPI/Cmdlets/GetInfisicalSecretCmdlet.cs
+1 -1
View File
@@ -19,7 +19,7 @@ namespace PSInfisicalAPI.Cmdlets
[Parameter] public string ApiVersion { get; set; }
[Parameter] public int? Version { get; set; }
[Parameter] public InfisicalSecretType Type { get; set; } = InfisicalSecretType.Shared;
[Parameter] public SwitchParameter ViewSecretValue { get; set; }
[Parameter] public SwitchParameter ViewSecretValue { get; set; } = SwitchParameter.Present;
[Parameter] public SwitchParameter ExpandSecretReferences { get; set; }
[Parameter] public SwitchParameter IncludeImports { get; set; }
src/PSInfisicalAPI/Cmdlets/GetInfisicalSecretsCmdlet.cs
+1 -1
View File
@@ -20,7 +20,7 @@ namespace PSInfisicalAPI.Cmdlets
[Parameter] public SwitchParameter IncludeImports { get; set; }
[Parameter] public SwitchParameter IncludePersonalOverrides { get; set; }
[Parameter] public SwitchParameter ExpandSecretReferences { get; set; }
[Parameter] public SwitchParameter ViewSecretValue { get; set; }
[Parameter] public SwitchParameter ViewSecretValue { get; set; } = SwitchParameter.Present;
[Parameter] public Hashtable MetadataFilter { get; set; }
[Parameter] public string[] TagSlugs { get; set; }
src/PSInfisicalAPI/Secrets/InfisicalSecretMapper.cs
+9 -2
View File
@@ -15,6 +15,8 @@ namespace PSInfisicalAPI.Secrets
return null;
}
bool hidden = dto.SecretValueHidden || IsHiddenPlaceholder(dto.SecretValue);
InfisicalSecret secret = new InfisicalSecret
{
Id = dto.Id,
@@ -24,8 +26,8 @@ namespace PSInfisicalAPI.Secrets
Version = dto.Version,
Type = ParseType(dto.Type),
SecretName = dto.SecretKey,
SecretValue = SecureStringUtility.ToReadOnlySecureString(dto.SecretValue),
SecretValueHidden = dto.SecretValueHidden,
SecretValue = hidden ? null : SecureStringUtility.ToReadOnlySecureString(dto.SecretValue),
SecretValueHidden = hidden,
SecretPath = dto.SecretPath,
SecretComment = dto.SecretComment,
CreatedAtUtc = ParseTimestamp(dto.CreatedAt),
@@ -41,6 +43,11 @@ namespace PSInfisicalAPI.Secrets
return secret;
}
private static bool IsHiddenPlaceholder(string value)
{
return string.Equals(value, "<hidden-by-infisical>", StringComparison.Ordinal);
}
public static InfisicalSecret[] MapMany(IEnumerable<InfisicalSecretResponseDto> items)
{
if (items == null)