Adds opt-in insecure-transport controls for pre-production / self-signed
scenarios. Configured once on Connect-Infisical and persisted on the
InfisicalConnection; every downstream cmdlet inherits via the base class.
Connect-Infisical:
- [switch] SkipCertificateCheck Disable TLS chain validation per request.
- [switch] AllowInsecureTransport Permit http:// BaseUri (else throw).
- Logs explicit Warning records when either is enabled.
InfisicalConnection:
- New SkipCertificateCheck / AllowInsecureTransport bool properties (default
false). Persisted on the session for downstream cmdlets.
InfisicalCmdletBase:
- HttpClient getter now constructs InfisicalHttpClient with the flag derived
from a new virtual ShouldSkipCertificateCheck(), which reads the current
session. Connect-Infisical overrides it to use its own switch since the
session does not yet exist during auth.
InfisicalHttpClient:
- New skipCertificateCheck ctor parameter; when on, sets
HttpWebRequest.ServerCertificateValidationCallback per request via
reflection (property is available at runtime on PS 5.1/7 but not surfaced
by netstandard2.0). Falls back to ServicePointManager with a warning if
reflection is unavailable.
Tests:
- InfisicalConnection defaults both flags to false.
- ShouldSkipCertificateCheck reads from InfisicalSessionManager.Current.
BREAKING CHANGES
- Connect-Infisical no longer accepts -ProjectId, -Environment, or -SecretPath.
- InfisicalConnection no longer carries ProjectId, Environment, or DefaultSecretPath.
- Every cmdlet that previously inherited those fields now requires -ProjectId
and/or -Environment as Mandatory=true. -SecretPath / -Path remain optional
and default to "/" at the client layer.
- INFISICAL_PROJECT_ID, INFISICAL_ENVIRONMENT, INFISICAL_SECRET_PATH env-var
scanning removed from Connect-Infisical.
- Resolve{ProjectId,Environment,SecretPath} helpers removed from
InfisicalCmdletBase. ResolveOrganizationId retained.
ADDED
- Get-InfisicalProject -Type <enum> filters the list by product surface
(secret-manager, cert-manager, kms, ssh, secret-scanning, pam, ai) with
IntelliSense via ValidateSet.
- Get-InfisicalProject -IncludeRoles switch maps to includeRoles=true/false
query parameter (always sent).
RATIONALE
- Implicit connection scoping caused 400 Bad Request when the active
connection's ProjectId belonged to a different product surface than the
cmdlet's target (e.g. secret-manager project id passed to /cert-manager/*).
- Explicit parameters make scope unambiguous and make scripts portable
across projects.
- The new -Type filter on Get-InfisicalProject lets callers discover the
correct project id for each subsequent CRUD invocation without needing
connection-level inheritance.
INTERNAL
- All client classes (Secrets / Folders / Environments / Tags / Projects /
Pki) now receive scoping as explicit arguments rather than reading the
InfisicalConnection object.
- Client-layer SecretPath / Path defaulting to "/" is preserved via
FirstNonEmpty(...).
- Help XML updated to remove all "session-pinned" / "active connection"
phrasing; OrderedDictionary splatting examples now include the mandatory
parameters.
- 216/216 unit tests passing.
- Bulk parameter sets on New-/Update-/Remove-InfisicalSecret via v3/secrets/batch/raw.
- Copy-InfisicalSecret cmdlet wrapping v4/secrets/duplicate.
- InfisicalCmdletBase.Resolve{ProjectId,Environment,SecretPath,ApiVersion,OrganizationId} with verbose inheritance logging.
- All resource cmdlets refactored to use the resolution helpers.
- InfisicalBulkSecretConverter for flexible Hashtable -> DTO mapping.
- 22 new unit tests covering registry, DTOs, converter, and inheritance helpers. Total: 161 passing.
GraceSolutions