gsadmin/PSInfisicalAPI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 8 Wiki Activity

Compare commits

base: gsadmin/PSInfisicalAPI:2026.6.7.21
Branches Tags
gsadmin/PSInfisicalAPI:main gsadmin/PSInfisicalAPI:dev
gsadmin/PSInfisicalAPI:2026.6.16.220 gsadmin/PSInfisicalAPI:2026.6.10.2048 gsadmin/PSInfisicalAPI:2026.6.10.2043 gsadmin/PSInfisicalAPI:2026.6.7.1438 gsadmin/PSInfisicalAPI:2026.6.7.21 gsadmin/PSInfisicalAPI:2026.6.6.2236 gsadmin/PSInfisicalAPI:2026.6.5.2049 gsadmin/PSInfisicalAPI:2026.6.5.1130
...
compare: gsadmin/PSInfisicalAPI:2026.6.16.220
Branches Tags
gsadmin/PSInfisicalAPI:main gsadmin/PSInfisicalAPI:dev
gsadmin/PSInfisicalAPI:2026.6.16.220 gsadmin/PSInfisicalAPI:2026.6.10.2048 gsadmin/PSInfisicalAPI:2026.6.10.2043 gsadmin/PSInfisicalAPI:2026.6.7.1438 gsadmin/PSInfisicalAPI:2026.6.7.21 gsadmin/PSInfisicalAPI:2026.6.6.2236 gsadmin/PSInfisicalAPI:2026.6.5.2049 gsadmin/PSInfisicalAPI:2026.6.5.1130

11 Commits
2026.6.7.21 ... 2026.6.16.220

Author SHA1 Message Date
gsadmin 4c7ce00504 Merge pull request 'Fix import merging and add count/scope logging across cmdlets' (#17) from dev into main 
Reviewed-on: #17
 2026-06-16 02:19:28 +00:00
GraceSolutions 14c8c4f384 Fix import merging and add count/scope logging across cmdlets
Publish to PowerShell Gallery / build (pull_request) Successful in 24s
Details
Publish to PowerShell Gallery / release (pull_request) Successful in 15s
Details
Publish to PowerShell Gallery / publish (pull_request) Successful in 8s
Details 
InfisicalSecretsClient.List now merges dto.Imports[].Secrets with dto.Secrets using local-wins precedence, restoring imported secrets that were previously dropped when -IncludeImports was set.

Get-InfisicalSecret, ConvertTo-InfisicalSecretDictionary, Export-InfisicalSecrets, Import-InfisicalSecret, New/Update/Remove-InfisicalSecret, and Start-InfisicalProcess now emit Information-level counts for retrieved/processed/injected items.

All collection-returning Get-* cmdlets (Folder, Project, Organization, Environment, Tag, SubOrganization, Certificate, CertificateAuthority, CertificateApplication, CertificatePolicy, CertificateProfile, PkiSubscriber) now log returned counts.

Get-InfisicalEnvironmentVariable gains an optional -Scope (EnvironmentVariableTarget) parameter plus per-scope verbose tracing and Information-level found/not-found outcome lines.
 2026-06-15 22:18:02 -04:00
gsadmin 5e5145fdc7 Merge pull request 'Add GitHub Actions workflow for PowerShell Gallery publish' (#16) from dev into main 
Reviewed-on: #16
 2026-06-10 20:57:05 +00:00
GraceSolutions 6318d06362 Add GitHub Actions workflow for PowerShell Gallery publish
Publish to PowerShell Gallery / release (pull_request) Has been cancelled
Details
Publish to PowerShell Gallery / publish (pull_request) Has been cancelled
Details
Publish to PowerShell Gallery / build (pull_request) Has been cancelled
Details 
Mirrors the Gitea workflow with GitHub-specific adaptations: ubuntu-latest runner, actions/upload-artifact and actions/download-artifact v4, Bearer auth with X-GitHub-Api-Version header, /pull/ URL path, upload_url URI template handling on uploads.github.com, contents:write permission on the release job, and on-demand Install-Module of Microsoft.PowerShell.PSResourceGet for CurrentUser.
 2026-06-10 16:54:22 -04:00
gsadmin 98f5d7704e Merge pull request 'Rename spec' (#15) from dev into main 
Reviewed-on: #15
 2026-06-10 20:43:05 +00:00
GraceSolutions 94bd15a8f8 Rename prefix parameters to SecretsPrefix/ForceSecretsPrefix and -Secret to -Secrets
Publish to PowerShell Gallery / build (pull_request) Successful in 23s
Details
Publish to PowerShell Gallery / release (pull_request) Successful in 11s
Details
Publish to PowerShell Gallery / publish (pull_request) Successful in 8s
Details 
Renames -Prefix to -SecretsPrefix and -ForcePrefix to -ForceSecretsPrefix across ConvertTo-InfisicalSecretDictionary, Import-InfisicalSecret, Export-InfisicalSecrets, and Start-InfisicalProcess. Start-InfisicalProcess also renames the pipeline parameter -Secret to -Secrets. The previous names remain available as parameter aliases (Prefix, ForcePrefix, Secret) for backward compatibility. Internal InfisicalProcessOptions properties renamed to match.
 2026-06-10 16:20:13 -04:00
GraceSolutions daf1cdce65 Rename spec 2026-06-08 17:59:52 -04:00
gsadmin 80871b73af Merge pull request 'feat: add Import-InfisicalSecret + Get-InfisicalEnvironmentVariable + -Prefix on ConvertTo-InfisicalSecretDictionary' (#14) from dev into main 
Reviewed-on: #14
 2026-06-07 14:38:32 +00:00
GraceSolutions 9a2f81fc02 Build artifacts for 97193d46f2
Publish to PowerShell Gallery / build (pull_request) Successful in 30s
Details
Publish to PowerShell Gallery / release (pull_request) Successful in 16s
Details
Publish to PowerShell Gallery / publish (pull_request) Successful in 7s
Details 
Auto-generated by build.ps1 -CommitArtifacts. Build 2026.06.07.1435. Module DLL and manifest embed BuildCommitHash=97193d46f2ff, matching the source commit they were produced from.
 2026-06-07 10:35:49 -04:00
GraceSolutions 97193d46f2 feat: gate -Prefix to skip already-prefixed names; add -ForcePrefix override on ConvertTo/Import/Export/Start cmdlets 2026-06-07 10:35:18 -04:00
GraceSolutions b5575222eb feat: add Import-InfisicalSecret + Get-InfisicalEnvironmentVariable + -Prefix on ConvertTo-InfisicalSecretDictionary 2026-06-07 10:16:20 -04:00
41 changed files with 1133 additions and 40 deletions
Expand all files Collapse all files
.github/workflows/publish-psgallery.yml
+328
View File
@@ -0,0 +1,328 @@
name: Publish to PowerShell Gallery
on:
pull_request:
types: [closed]
branches: [main]
jobs:
build:
if: github.event.pull_request.merged == true
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Verify host prerequisites (pwsh, dotnet)
shell: pwsh
run: |
$ErrorActionPreference = 'Stop'
$missing = @()
if (-not (Get-Command pwsh -ErrorAction SilentlyContinue)) { $missing += 'pwsh' }
if (-not (Get-Command dotnet -ErrorAction SilentlyContinue)) { $missing += 'dotnet' }
if ($missing.Count -gt 0) {
throw "Host runner is missing required tool(s): $($missing -join ', '). Provision them on the runner host."
}
Write-Host ("pwsh: " + (pwsh -NoProfile -Command '$PSVersionTable.PSVersion.ToString()'))
Write-Host ("dotnet: " + (dotnet --version))
Write-Host '--- dotnet --info ---'
dotnet --info
Write-Host '--- disk free ---'
df -h .
Write-Host '--- memory ---'
free -m
- name: Restore NuGet packages
shell: pwsh
run: |
$ErrorActionPreference = 'Stop'
Write-Host '==> dotnet restore src/PSInfisicalAPI/PSInfisicalAPI.csproj'
dotnet restore src/PSInfisicalAPI/PSInfisicalAPI.csproj --verbosity normal
if ($LASTEXITCODE -ne 0) { throw "Restore of PSInfisicalAPI.csproj failed with exit code $LASTEXITCODE" }
Write-Host '==> dotnet restore src/PSInfisicalAPI.Tests/PSInfisicalAPI.Tests.csproj'
dotnet restore src/PSInfisicalAPI.Tests/PSInfisicalAPI.Tests.csproj --verbosity normal
if ($LASTEXITCODE -ne 0) { throw "Restore of PSInfisicalAPI.Tests.csproj failed with exit code $LASTEXITCODE" }
- name: Build module
shell: pwsh
run: ./build.ps1
- name: Validate module manifest
shell: pwsh
run: |
$ErrorActionPreference = 'Stop'
$manifestPath = Join-Path $PWD 'Module/PSInfisicalAPI/PSInfisicalAPI.psd1'
$manifest = Test-ModuleManifest -Path $manifestPath
Write-Host "Manifest OK: $($manifest.Name) $($manifest.Version)"
- name: Upload module artifact
uses: actions/upload-artifact@v4
with:
name: PSInfisicalAPI-module
path: Module/PSInfisicalAPI
if-no-files-found: error
retention-days: 7
release:
needs: build
if: ${{ success() && github.event.pull_request.merged == true }}
runs-on: ubuntu-latest
permissions:
contents: write
outputs:
version: ${{ steps.meta.outputs.version }}
tag: ${{ steps.meta.outputs.tag }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Verify host prerequisites (pwsh)
shell: pwsh
run: |
$ErrorActionPreference = 'Stop'
if (-not (Get-Command pwsh -ErrorAction SilentlyContinue)) {
throw "Host runner is missing required tool: pwsh. Provision it on the runner host."
}
Write-Host ("pwsh: " + (pwsh -NoProfile -Command '$PSVersionTable.PSVersion.ToString()'))
- name: Download module artifact
uses: actions/download-artifact@v4
with:
name: PSInfisicalAPI-module
path: Module/PSInfisicalAPI
- name: Resolve module version and tag
id: meta
shell: pwsh
run: |
$ErrorActionPreference = 'Stop'
$manifestPath = Join-Path $PWD 'Module/PSInfisicalAPI/PSInfisicalAPI.psd1'
$manifest = Test-ModuleManifest -Path $manifestPath
$version = $manifest.Version.ToString()
$tag = $version
Write-Host "Module version: $version"
Write-Host "Release tag: $tag"
"version=$version" | Out-File -FilePath $env:GITHUB_OUTPUT -Append -Encoding utf8
"tag=$tag" | Out-File -FilePath $env:GITHUB_OUTPUT -Append -Encoding utf8
- name: Package module as release asset
shell: pwsh
env:
VERSION: ${{ steps.meta.outputs.version }}
run: |
$ErrorActionPreference = 'Stop'
$zipPath = Join-Path $PWD "PSInfisicalAPI-$($env:VERSION).zip"
if (Test-Path $zipPath) { Remove-Item $zipPath -Force }
Compress-Archive -Path 'Module/PSInfisicalAPI/*' -DestinationPath $zipPath -Force
Write-Host "Created: $zipPath ($([math]::Round((Get-Item $zipPath).Length / 1KB, 1)) KB)"
- name: Create GitHub release
shell: pwsh
env:
GITHUB_TOKEN: ${{ github.token }}
API_URL: ${{ github.api_url }}
REPO: ${{ github.repository }}
TAG: ${{ steps.meta.outputs.tag }}
VERSION: ${{ steps.meta.outputs.version }}
COMMIT_SHA: ${{ github.sha }}
PR_NUMBER: ${{ github.event.pull_request.number }}
PR_TITLE: ${{ github.event.pull_request.title }}
PR_AUTHOR: ${{ github.event.pull_request.user.login }}
SERVER_URL: ${{ github.server_url }}
RUN_ID: ${{ github.run_id }}
run: |
$ErrorActionPreference = 'Stop'
Set-StrictMode -Version Latest
trap { Write-Host "==> RELEASE STEP FAILED: $($_ | Out-String)"; Write-Host ($_.ScriptStackTrace); exit 1 }
Write-Host "==> [1/8] Validating inputs"
Write-Host " TAG=$($env:TAG)"
Write-Host " VERSION=$($env:VERSION)"
Write-Host " REPO=$($env:REPO)"
Write-Host " API_URL=$($env:API_URL)"
Write-Host " SERVER_URL=$($env:SERVER_URL)"
Write-Host " PR_NUMBER=$($env:PR_NUMBER)"
Write-Host " RUN_ID=$($env:RUN_ID)"
if ([string]::IsNullOrWhiteSpace($env:GITHUB_TOKEN)) { throw "github.token is empty." }
if ([string]::IsNullOrWhiteSpace($env:TAG)) { throw "TAG is empty." }
if ([string]::IsNullOrWhiteSpace($env:VERSION)) { throw "VERSION is empty." }
if ([string]::IsNullOrWhiteSpace($env:API_URL)) { throw "API_URL is empty." }
if ([string]::IsNullOrWhiteSpace($env:REPO)) { throw "REPO is empty." }
if ([string]::IsNullOrWhiteSpace($env:COMMIT_SHA)) { throw "COMMIT_SHA is empty." }
Write-Host "==> [2/8] Deriving metadata"
$shortSha = $env:COMMIT_SHA.Substring(0, [Math]::Min(12, $env:COMMIT_SHA.Length))
$buildUtc = (Get-Date).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ssZ')
$runUrl = "$($env:SERVER_URL)/$($env:REPO)/actions/runs/$($env:RUN_ID)"
$prUrl = "$($env:SERVER_URL)/$($env:REPO)/pull/$($env:PR_NUMBER)"
Write-Host " shortSha=$shortSha"
Write-Host "==> [3/8] Extracting CHANGELOG section"
$changelogSection = ''
if (Test-Path 'CHANGELOG.md') {
$lines = [System.IO.File]::ReadAllLines('CHANGELOG.md')
$start = -1; $end = $lines.Length
for ($i = 0; $i -lt $lines.Length; $i++) {
if ($lines[$i] -match "^##\s+$([regex]::Escape($env:VERSION))\s*$") { $start = $i + 1; continue }
if ($start -ge 0 -and $lines[$i] -match '^##\s+') { $end = $i; break }
}
if ($start -ge 0) {
$changelogSection = ($lines[$start..($end - 1)] -join "`n").Trim()
}
}
Write-Host " CHANGELOG section length: $($changelogSection.Length) chars"
Write-Host "==> [4/8] Building release body"
$changelogText = if ($changelogSection) { $changelogSection } else { '_No CHANGELOG section found for this version._' }
$sb = New-Object System.Text.StringBuilder
[void]$sb.AppendLine("**PSInfisicalAPI $($env:VERSION)**")
[void]$sb.AppendLine('')
[void]$sb.AppendLine('| Field | Value |')
[void]$sb.AppendLine('| --- | --- |')
[void]$sb.AppendLine("| Version | ``$($env:VERSION)`` |")
[void]$sb.AppendLine("| Tag | ``$($env:TAG)`` |")
[void]$sb.AppendLine("| Commit | [``$shortSha``]($($env:SERVER_URL)/$($env:REPO)/commit/$($env:COMMIT_SHA)) |")
[void]$sb.AppendLine("| Built (UTC) | $buildUtc |")
[void]$sb.AppendLine("| Merged PR | [#$($env:PR_NUMBER) $($env:PR_TITLE)]($prUrl) by @$($env:PR_AUTHOR) |")
[void]$sb.AppendLine("| Workflow run | [$($env:RUN_ID)]($runUrl) |")
[void]$sb.AppendLine('')
[void]$sb.AppendLine('## Changes')
[void]$sb.AppendLine($changelogText)
[void]$sb.AppendLine('')
[void]$sb.AppendLine('## Install')
[void]$sb.AppendLine('```powershell')
[void]$sb.AppendLine("Install-Module -Name PSInfisicalAPI -RequiredVersion $($env:VERSION) -Scope CurrentUser")
[void]$sb.AppendLine('```')
$body = $sb.ToString()
Write-Host " body length: $($body.Length) chars"
$headers = @{
Authorization = "Bearer $($env:GITHUB_TOKEN)"
Accept = 'application/vnd.github+json'
'X-GitHub-Api-Version' = '2022-11-28'
}
$createUri = "$($env:API_URL)/repos/$($env:REPO)/releases"
Write-Host "==> [5/8] Checking for existing release tag: $createUri/tags/$($env:TAG)"
$existing = $null
try {
$existing = Invoke-RestMethod -Method Get -Headers $headers `
-Uri "$createUri/tags/$($env:TAG)" -ErrorAction Stop
} catch {
$status = $null
try { $status = $_.Exception.Response.StatusCode.value__ } catch { }
if ($status -ne 404) {
Write-Host " Lookup failed (status=$status): $($_.Exception.Message)"
throw
}
Write-Host " No existing release (404)."
}
if ($existing) {
Write-Host " Release tag '$($env:TAG)' already exists (id=$($existing.id)); skipping creation."
return
}
Write-Host "==> [6/8] Creating release"
$payload = @{
tag_name = $env:TAG
target_commitish = $env:COMMIT_SHA
name = "PSInfisicalAPI $($env:VERSION)"
body = $body
draft = $false
prerelease = $false
} | ConvertTo-Json -Depth 4
Write-Host " payload bytes: $([System.Text.Encoding]::UTF8.GetByteCount($payload))"
$release = Invoke-RestMethod -Method Post -Uri $createUri -Headers $headers `
-ContentType 'application/json' -Body $payload
Write-Host " Created release id=$($release.id) at $($release.html_url)"
Write-Host "==> [7/8] Locating release asset"
$assetPath = Join-Path $PWD "PSInfisicalAPI-$($env:VERSION).zip"
if (-not (Test-Path $assetPath)) { throw "Release asset not found at: $assetPath" }
$fileBytes = [System.IO.File]::ReadAllBytes($assetPath)
Write-Host " Asset: $assetPath ($([math]::Round($fileBytes.Length / 1KB, 1)) KB)"
Write-Host "==> [8/8] Uploading asset"
# GitHub returns a URI Template in upload_url (e.g. "https://uploads.github.com/.../assets{?name,label}").
# Strip the template suffix and append the asset name query.
$uploadBase = ($release.upload_url -replace '\{.*\}$', '')
$uploadUri = "$uploadBase`?name=PSInfisicalAPI-$($env:VERSION).zip"
Invoke-RestMethod -Method Post -Uri $uploadUri -Headers $headers `
-ContentType 'application/zip' -Body $fileBytes | Out-Null
Write-Host "==> Done: uploaded PSInfisicalAPI-$($env:VERSION).zip"
publish:
needs: release
if: ${{ success() && github.event.pull_request.merged == true }}
runs-on: ubuntu-latest
steps:
- name: Verify host prerequisites (pwsh)
shell: pwsh
run: |
$ErrorActionPreference = 'Stop'
if (-not (Get-Command pwsh -ErrorAction SilentlyContinue)) {
throw "Host runner is missing required tool: pwsh. Provision it on the runner host."
}
Write-Host ("pwsh: " + (pwsh -NoProfile -Command '$PSVersionTable.PSVersion.ToString()'))
- name: Download module artifact
uses: actions/download-artifact@v4
with:
name: PSInfisicalAPI-module
path: Module/PSInfisicalAPI
- name: Bootstrap Microsoft.PowerShell.PSResourceGet
shell: pwsh
run: |
$ErrorActionPreference = 'Stop'
if (-not (Get-Module -ListAvailable -Name Microsoft.PowerShell.PSResourceGet)) {
Write-Host "==> Installing Microsoft.PowerShell.PSResourceGet for CurrentUser"
Install-Module -Name Microsoft.PowerShell.PSResourceGet -Scope CurrentUser -Force -AllowClobber -ErrorAction Stop
}
Import-Module Microsoft.PowerShell.PSResourceGet -ErrorAction Stop
$existing = Get-PSResourceRepository -Name PSGallery -ErrorAction SilentlyContinue
if (-not $existing) {
Write-Host "==> Registering PSGallery repository"
Register-PSResourceRepository -PSGallery -Trusted -ErrorAction Stop
} else {
Write-Host "==> PSGallery already registered; ensuring Trusted + ApiVersion v2"
Set-PSResourceRepository -Name PSGallery -Trusted -ApiVersion v2 -ErrorAction Stop
}
Get-PSResourceRepository -Name PSGallery | Format-Table Name,Uri,Trusted,ApiVersion
- name: Verify PowerShell Gallery API key is configured
shell: pwsh
env:
PSGALLERY_API_KEY: ${{ secrets.PSGALLERY_API_KEY }}
run: |
if ([string]::IsNullOrWhiteSpace($env:PSGALLERY_API_KEY)) {
throw "Repository secret 'PSGALLERY_API_KEY' is not configured."
}
- name: Re-validate downloaded module manifest
shell: pwsh
run: |
$ErrorActionPreference = 'Stop'
$manifestPath = Join-Path $PWD 'Module/PSInfisicalAPI/PSInfisicalAPI.psd1'
$manifest = Test-ModuleManifest -Path $manifestPath
Write-Host "Manifest OK: $($manifest.Name) $($manifest.Version)"
- name: Publish to PowerShell Gallery
shell: pwsh
env:
PSGALLERY_API_KEY: ${{ secrets.PSGALLERY_API_KEY }}
run: |
$ErrorActionPreference = 'Stop'
$moduleDir = Join-Path $PWD 'Module/PSInfisicalAPI'
Write-Host "Publishing module from: $moduleDir"
Publish-PSResource `
-Path $moduleDir `
-Repository PSGallery `
-ApiKey $env:PSGALLERY_API_KEY `
-Verbose
CHANGELOG.md
+73 -9
View File
File diff suppressed because one or more lines are too long
Module/PSInfisicalAPI/PSInfisicalAPI.psd1
+4 -2
View File
@@ -1,6 +1,6 @@
@{
RootModule = 'PSInfisicalAPI.psm1'
ModuleVersion = '2026.06.07.0017'
ModuleVersion = '2026.06.16.0217'
GUID = 'b8a2f3d4-7c51-4d2f-9e6a-1f0c8b3d4e51'
Author = 'Grace Solutions'
CompanyName = 'Grace Solutions'
@@ -19,6 +19,7 @@
'Copy-InfisicalSecret',
'ConvertTo-InfisicalSecretDictionary',
'Export-InfisicalSecrets',
'Import-InfisicalSecret',
'Get-InfisicalProject',
'New-InfisicalProject',
'Update-InfisicalProject',
@@ -60,6 +61,7 @@
'Export-InfisicalScepMdmProfile',
'Write-InfisicalScepMdmProfileToWmi',
'Start-InfisicalProcess',
'Get-InfisicalEnvironmentVariable',
'Get-InfisicalSANList'
)
AliasesToExport = @()
@@ -72,7 +74,7 @@
LicenseUri = 'https://www.gnu.org/licenses/agpl-3.0.html'
ProjectUri = 'https://prod.git.gracesolution.info/gsadmin/PSInfisicalAPI'
ReleaseNotes = 'See CHANGELOG.md in the project repository for release history.'
CommitHash = '77cb03ec9845'
CommitHash = '6318d06362ad'
}
}
}
Module/PSInfisicalAPI/bin/PSInfisicalAPI.dll
BIN
View File
Binary file not shown.
Module/PSInfisicalAPI/bin/en-US/PSInfisicalAPI.dll-Help.xml
+77 -3
View File
@@ -295,7 +295,7 @@ $CopyInfisicalSecretResult = Copy-InfisicalSecret @CopyInfisicalSecretParameters
<command:noun>InfisicalSecretDictionary</command:noun>
</command:details>
<maml:description>
<maml:para>Aggregates an incoming pipeline of InfisicalSecret objects into a case-insensitive Dictionary keyed by SecretName. By default values are SecureString; pass -AsPlainText to materialize string values. Duplicate keys are handled via the -DuplicateKeyBehavior parameter (Error, FirstWins, LastWins).</maml:para>
<maml:para>Aggregates an incoming pipeline of InfisicalSecret objects into a case-insensitive Dictionary keyed by SecretName. By default values are SecureString; pass -AsPlainText to materialize string values. Duplicate keys are handled via the -DuplicateKeyBehavior parameter (Error, FirstWins, LastWins). -Prefix prepends a string to every dictionary key (e.g. SecretName 'API_KEY' with -Prefix 'MYAPP_' becomes key 'MYAPP_API_KEY'); the underlying InfisicalSecret objects are not mutated. A SecretName that already starts with -Prefix (case-insensitive) is left as-is to avoid double-prefixing; pass -ForcePrefix to always prepend.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
@@ -322,6 +322,11 @@ $ConvertToInfisicalSecretDictionaryParameters.Verbose = $True
$ConvertToInfisicalSecretDictionaryResult = ConvertTo-InfisicalSecretDictionary @ConvertToInfisicalSecretDictionaryParameters</dev:code>
<dev:remarks><maml:para>Aggregates recursive secret results into a plain-text dictionary, with the last value winning on key collisions.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 3</maml:title>
<dev:code>Get-InfisicalSecret -ProjectId $ProjectId -Environment 'dev' | ConvertTo-InfisicalSecretDictionary -Prefix 'MYAPP_' -AsPlainText</dev:code>
<dev:remarks><maml:para>Builds a plain-text dictionary whose keys are namespaced with 'MYAPP_' (e.g. API_KEY becomes MYAPP_API_KEY); the source InfisicalSecret objects are unchanged.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
@@ -333,7 +338,7 @@ $ConvertToInfisicalSecretDictionaryResult = ConvertTo-InfisicalSecretDictionary
<command:noun>InfisicalSecrets</command:noun>
</command:details>
<maml:description>
<maml:para>Buffers an incoming pipeline of InfisicalSecret objects and writes them to a file in the requested format (DotEnv, Json, Yaml, EnvironmentVariables, etc.) or sets them as environment variables on the chosen scope (Process, User, Machine). -Encoding controls text encoding for file outputs. -Prefix prepends a string to every emitted variable name regardless of format.</maml:para>
<maml:para>Buffers an incoming pipeline of InfisicalSecret objects and writes them to a file in the requested format (DotEnv, Json, Yaml, EnvironmentVariables, etc.) or sets them as environment variables on the chosen scope (Process, User, Machine). -Encoding controls text encoding for file outputs. -Prefix prepends a string to every emitted variable name regardless of format; names that already start with -Prefix (case-insensitive) are left as-is to avoid double-prefixing. Pass -ForcePrefix to always prepend.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
@@ -369,6 +374,44 @@ $ExportInfisicalSecretsResult = Export-InfisicalSecrets @ExportInfisicalSecretsP
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Import-InfisicalSecret</command:name>
<maml:description><maml:para>Reads a previously exported secrets file (Json, Yaml, Env, or Xml) back into a name-keyed Dictionary.</maml:para></maml:description>
<command:verb>Import</command:verb>
<command:noun>InfisicalSecret</command:noun>
</command:details>
<maml:description>
<maml:para>Loads the file at -Path (which must exist) using the parser matching -Format and returns a case-insensitive Dictionary keyed by SecretName. By default values are SecureString; pass -AsPlainText for a plain string dictionary. -Prefix prepends to every emitted key; keys already starting with -Prefix (case-insensitive) are left as-is to avoid double-prefixing, and -ForcePrefix overrides that gate. -DuplicateKeyBehavior controls collision handling (Error, FirstWins, LastWins). The EnvironmentVariables format is intentionally not supported here; use [Environment]::GetEnvironmentVariable or Get-InfisicalEnvironmentVariable for environment-backed values.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>Importers expect the same schema that Export-InfisicalSecrets produces (Json/Yaml = array or 'Secrets' root list of {SecretName, SecretValue}; Xml = &lt;Secrets&gt;&lt;Secret&gt;&lt;SecretName/&gt;&lt;SecretValue/&gt;; Env = KEY=VALUE per line, '#' comments allowed). JSON and YAML additionally accept a flat key/value object as a convenience.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>$Secrets = Import-InfisicalSecret -Path '.\secrets.json' -Format Json</dev:code>
<dev:remarks><maml:para>Reads a JSON export back into a Dictionary&lt;string, SecureString&gt; keyed by the original SecretName values.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>$ImportInfisicalSecretParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$ImportInfisicalSecretParameters.Path = [System.IO.FileInfo]'.\secrets.env'
$ImportInfisicalSecretParameters.Format = 'Env'
$ImportInfisicalSecretParameters.Prefix = 'MYAPP_'
$ImportInfisicalSecretParameters.DuplicateKeyBehavior = 'LastWins'
$ImportInfisicalSecretParameters.AsPlainText = $True
$ImportInfisicalSecretResult = Import-InfisicalSecret @ImportInfisicalSecretParameters</dev:code>
<dev:remarks><maml:para>Loads a .env file into a plain-text dictionary, namespacing every key with 'MYAPP_' and letting the last occurrence win on duplicates.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Get-InfisicalProject</command:name>
@@ -1662,7 +1705,7 @@ $WriteInfisicalScepMdmProfileToWmiResult = Write-InfisicalScepMdmProfileToWmi @W
<command:noun>InfisicalProcess</command:noun>
</command:details>
<maml:description>
<maml:para>Launches the executable specified by -FilePath, captures stdout/stderr, validates the exit code against -AcceptableExitCodeList, and optionally parses output with -ParsingExpression. InfisicalSecret objects supplied via -Secret (pipeline or by name) are decrypted into the ProcessStartInfo.Environment dictionary only, never written to the user or machine scope; -Prefix prepends a string to each injected variable name. -EnvironmentVariables adds additional non-secret values. -ExecutionTimeout, -NoWait, -CreateNoWindow, -WindowStyle, -Priority, -StandardInputObjectList, -SecureArgumentList, -LogOutput, and -ContinueOnError mirror the semantics of the upstream Start-ProcessWithOutput helper. Honors -WhatIf and -Confirm.</maml:para>
<maml:para>Launches the executable specified by -FilePath, captures stdout/stderr, validates the exit code against -AcceptableExitCodeList, and optionally parses output with -ParsingExpression. InfisicalSecret objects supplied via -Secret (pipeline or by name) are decrypted into the ProcessStartInfo.Environment dictionary only, never written to the user or machine scope; -Prefix prepends a string to each injected variable name, skipping names that already start with -Prefix (case-insensitive) unless -ForcePrefix is supplied. -EnvironmentVariables adds additional non-secret values. -ExecutionTimeout, -NoWait, -CreateNoWindow, -WindowStyle, -Priority, -StandardInputObjectList, -SecureArgumentList, -LogOutput, and -ContinueOnError mirror the semantics of the upstream Start-ProcessWithOutput helper. Honors -WhatIf and -Confirm.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
@@ -1701,6 +1744,37 @@ $StartInfisicalProcessResult = Start-InfisicalProcess @StartInfisicalProcessPara
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Get-InfisicalEnvironmentVariable</command:name>
<maml:description><maml:para>Reads an environment variable from the first scope that has a non-empty value (Process > User > Machine).</maml:para></maml:description>
<command:verb>Get</command:verb>
<command:noun>InfisicalEnvironmentVariable</command:noun>
</command:details>
<maml:description>
<maml:para>Returns the value of -Name from the first scope that contains a non-empty value, checking Process, then User, then Machine in that order. Emits nothing when the variable is missing or blank in every scope, so an assignment yields $null without writing errors or warnings. Platform-unsupported scopes (User and Machine on non-Windows) are silently skipped.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>Designed for the same discovery semantics the rest of PSInfisicalAPI uses when resolving connection inputs from the environment. Pipe-friendly: accepts -Name from the pipeline by value and by property name.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>$Value = Get-InfisicalEnvironmentVariable -Name 'INFISICAL_CLIENT_ID'</dev:code>
<dev:remarks><maml:para>Returns the first non-empty value of INFISICAL_CLIENT_ID across Process, User, and Machine scopes; assigns $null when the variable is unset everywhere.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>@('INFISICAL_BASE_URI','INFISICAL_PROJECT_ID') | Get-InfisicalEnvironmentVariable</dev:code>
<dev:remarks><maml:para>Pipes a list of variable names through the cmdlet and emits one value per name that is set in any scope.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Get-InfisicalOrganization</command:name>
Module/PSInfisicalAPI/en-US/PSInfisicalAPI.dll-Help.xml
+77 -3
View File
@@ -295,7 +295,7 @@ $CopyInfisicalSecretResult = Copy-InfisicalSecret @CopyInfisicalSecretParameters
<command:noun>InfisicalSecretDictionary</command:noun>
</command:details>
<maml:description>
<maml:para>Aggregates an incoming pipeline of InfisicalSecret objects into a case-insensitive Dictionary keyed by SecretName. By default values are SecureString; pass -AsPlainText to materialize string values. Duplicate keys are handled via the -DuplicateKeyBehavior parameter (Error, FirstWins, LastWins).</maml:para>
<maml:para>Aggregates an incoming pipeline of InfisicalSecret objects into a case-insensitive Dictionary keyed by SecretName. By default values are SecureString; pass -AsPlainText to materialize string values. Duplicate keys are handled via the -DuplicateKeyBehavior parameter (Error, FirstWins, LastWins). -Prefix prepends a string to every dictionary key (e.g. SecretName 'API_KEY' with -Prefix 'MYAPP_' becomes key 'MYAPP_API_KEY'); the underlying InfisicalSecret objects are not mutated. A SecretName that already starts with -Prefix (case-insensitive) is left as-is to avoid double-prefixing; pass -ForcePrefix to always prepend.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
@@ -322,6 +322,11 @@ $ConvertToInfisicalSecretDictionaryParameters.Verbose = $True
$ConvertToInfisicalSecretDictionaryResult = ConvertTo-InfisicalSecretDictionary @ConvertToInfisicalSecretDictionaryParameters</dev:code>
<dev:remarks><maml:para>Aggregates recursive secret results into a plain-text dictionary, with the last value winning on key collisions.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 3</maml:title>
<dev:code>Get-InfisicalSecret -ProjectId $ProjectId -Environment 'dev' | ConvertTo-InfisicalSecretDictionary -Prefix 'MYAPP_' -AsPlainText</dev:code>
<dev:remarks><maml:para>Builds a plain-text dictionary whose keys are namespaced with 'MYAPP_' (e.g. API_KEY becomes MYAPP_API_KEY); the source InfisicalSecret objects are unchanged.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
@@ -333,7 +338,7 @@ $ConvertToInfisicalSecretDictionaryResult = ConvertTo-InfisicalSecretDictionary
<command:noun>InfisicalSecrets</command:noun>
</command:details>
<maml:description>
<maml:para>Buffers an incoming pipeline of InfisicalSecret objects and writes them to a file in the requested format (DotEnv, Json, Yaml, EnvironmentVariables, etc.) or sets them as environment variables on the chosen scope (Process, User, Machine). -Encoding controls text encoding for file outputs. -Prefix prepends a string to every emitted variable name regardless of format.</maml:para>
<maml:para>Buffers an incoming pipeline of InfisicalSecret objects and writes them to a file in the requested format (DotEnv, Json, Yaml, EnvironmentVariables, etc.) or sets them as environment variables on the chosen scope (Process, User, Machine). -Encoding controls text encoding for file outputs. -Prefix prepends a string to every emitted variable name regardless of format; names that already start with -Prefix (case-insensitive) are left as-is to avoid double-prefixing. Pass -ForcePrefix to always prepend.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
@@ -369,6 +374,44 @@ $ExportInfisicalSecretsResult = Export-InfisicalSecrets @ExportInfisicalSecretsP
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Import-InfisicalSecret</command:name>
<maml:description><maml:para>Reads a previously exported secrets file (Json, Yaml, Env, or Xml) back into a name-keyed Dictionary.</maml:para></maml:description>
<command:verb>Import</command:verb>
<command:noun>InfisicalSecret</command:noun>
</command:details>
<maml:description>
<maml:para>Loads the file at -Path (which must exist) using the parser matching -Format and returns a case-insensitive Dictionary keyed by SecretName. By default values are SecureString; pass -AsPlainText for a plain string dictionary. -Prefix prepends to every emitted key; keys already starting with -Prefix (case-insensitive) are left as-is to avoid double-prefixing, and -ForcePrefix overrides that gate. -DuplicateKeyBehavior controls collision handling (Error, FirstWins, LastWins). The EnvironmentVariables format is intentionally not supported here; use [Environment]::GetEnvironmentVariable or Get-InfisicalEnvironmentVariable for environment-backed values.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>Importers expect the same schema that Export-InfisicalSecrets produces (Json/Yaml = array or 'Secrets' root list of {SecretName, SecretValue}; Xml = &lt;Secrets&gt;&lt;Secret&gt;&lt;SecretName/&gt;&lt;SecretValue/&gt;; Env = KEY=VALUE per line, '#' comments allowed). JSON and YAML additionally accept a flat key/value object as a convenience.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>$Secrets = Import-InfisicalSecret -Path '.\secrets.json' -Format Json</dev:code>
<dev:remarks><maml:para>Reads a JSON export back into a Dictionary&lt;string, SecureString&gt; keyed by the original SecretName values.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>$ImportInfisicalSecretParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$ImportInfisicalSecretParameters.Path = [System.IO.FileInfo]'.\secrets.env'
$ImportInfisicalSecretParameters.Format = 'Env'
$ImportInfisicalSecretParameters.Prefix = 'MYAPP_'
$ImportInfisicalSecretParameters.DuplicateKeyBehavior = 'LastWins'
$ImportInfisicalSecretParameters.AsPlainText = $True
$ImportInfisicalSecretResult = Import-InfisicalSecret @ImportInfisicalSecretParameters</dev:code>
<dev:remarks><maml:para>Loads a .env file into a plain-text dictionary, namespacing every key with 'MYAPP_' and letting the last occurrence win on duplicates.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Get-InfisicalProject</command:name>
@@ -1662,7 +1705,7 @@ $WriteInfisicalScepMdmProfileToWmiResult = Write-InfisicalScepMdmProfileToWmi @W
<command:noun>InfisicalProcess</command:noun>
</command:details>
<maml:description>
<maml:para>Launches the executable specified by -FilePath, captures stdout/stderr, validates the exit code against -AcceptableExitCodeList, and optionally parses output with -ParsingExpression. InfisicalSecret objects supplied via -Secret (pipeline or by name) are decrypted into the ProcessStartInfo.Environment dictionary only, never written to the user or machine scope; -Prefix prepends a string to each injected variable name. -EnvironmentVariables adds additional non-secret values. -ExecutionTimeout, -NoWait, -CreateNoWindow, -WindowStyle, -Priority, -StandardInputObjectList, -SecureArgumentList, -LogOutput, and -ContinueOnError mirror the semantics of the upstream Start-ProcessWithOutput helper. Honors -WhatIf and -Confirm.</maml:para>
<maml:para>Launches the executable specified by -FilePath, captures stdout/stderr, validates the exit code against -AcceptableExitCodeList, and optionally parses output with -ParsingExpression. InfisicalSecret objects supplied via -Secret (pipeline or by name) are decrypted into the ProcessStartInfo.Environment dictionary only, never written to the user or machine scope; -Prefix prepends a string to each injected variable name, skipping names that already start with -Prefix (case-insensitive) unless -ForcePrefix is supplied. -EnvironmentVariables adds additional non-secret values. -ExecutionTimeout, -NoWait, -CreateNoWindow, -WindowStyle, -Priority, -StandardInputObjectList, -SecureArgumentList, -LogOutput, and -ContinueOnError mirror the semantics of the upstream Start-ProcessWithOutput helper. Honors -WhatIf and -Confirm.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
@@ -1701,6 +1744,37 @@ $StartInfisicalProcessResult = Start-InfisicalProcess @StartInfisicalProcessPara
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Get-InfisicalEnvironmentVariable</command:name>
<maml:description><maml:para>Reads an environment variable from the first scope that has a non-empty value (Process > User > Machine).</maml:para></maml:description>
<command:verb>Get</command:verb>
<command:noun>InfisicalEnvironmentVariable</command:noun>
</command:details>
<maml:description>
<maml:para>Returns the value of -Name from the first scope that contains a non-empty value, checking Process, then User, then Machine in that order. Emits nothing when the variable is missing or blank in every scope, so an assignment yields $null without writing errors or warnings. Platform-unsupported scopes (User and Machine on non-Windows) are silently skipped.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>Designed for the same discovery semantics the rest of PSInfisicalAPI uses when resolving connection inputs from the environment. Pipe-friendly: accepts -Name from the pipeline by value and by property name.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>$Value = Get-InfisicalEnvironmentVariable -Name 'INFISICAL_CLIENT_ID'</dev:code>
<dev:remarks><maml:para>Returns the first non-empty value of INFISICAL_CLIENT_ID across Process, User, and Machine scopes; assigns $null when the variable is unset everywhere.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>@('INFISICAL_BASE_URI','INFISICAL_PROJECT_ID') | Get-InfisicalEnvironmentVariable</dev:code>
<dev:remarks><maml:para>Pipes a list of variable names through the cmdlet and emits one value per name that is set in any scope.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Get-InfisicalOrganization</command:name>
build.ps1
+3 -1
View File
@@ -113,6 +113,7 @@ function Write-Manifest {
'Copy-InfisicalSecret',
'ConvertTo-InfisicalSecretDictionary',
'Export-InfisicalSecrets',
'Import-InfisicalSecret',
'Get-InfisicalProject',
'New-InfisicalProject',
'Update-InfisicalProject',
@@ -154,6 +155,7 @@ function Write-Manifest {
'Export-InfisicalScepMdmProfile',
'Write-InfisicalScepMdmProfileToWmi',
'Start-InfisicalProcess',
'Get-InfisicalEnvironmentVariable',
'Get-InfisicalSANList'
)
AliasesToExport = @()
@@ -219,7 +221,7 @@ if (`$cmds.Count -eq 0) {
throw "No cmdlets were exported by the PSInfisicalAPI module."
}
`$expectedCmds = @('Connect-Infisical','Disconnect-Infisical','Get-InfisicalSecret','New-InfisicalSecret','Update-InfisicalSecret','Remove-InfisicalSecret','Copy-InfisicalSecret','ConvertTo-InfisicalSecretDictionary','Export-InfisicalSecrets','Get-InfisicalProject','New-InfisicalProject','Update-InfisicalProject','Remove-InfisicalProject','Get-InfisicalEnvironment','New-InfisicalEnvironment','Update-InfisicalEnvironment','Remove-InfisicalEnvironment','Get-InfisicalFolder','New-InfisicalFolder','Update-InfisicalFolder','Remove-InfisicalFolder','Get-InfisicalTag','New-InfisicalTag','Update-InfisicalTag','Remove-InfisicalTag','Get-InfisicalOrganization','New-InfisicalOrganization','Update-InfisicalOrganization','Remove-InfisicalOrganization','Get-InfisicalSubOrganization','New-InfisicalSubOrganization','Update-InfisicalSubOrganization','Remove-InfisicalSubOrganization','Get-InfisicalCertificateAuthority','Get-InfisicalPkiSubscriber','Get-InfisicalCertificateProfile','Get-InfisicalCertificatePolicy','Get-InfisicalCertificate','Request-InfisicalCertificate','ConvertTo-InfisicalCertificate','Install-InfisicalCertificate','Uninstall-InfisicalCertificate','Export-InfisicalCertificate','Get-InfisicalCertificateApplication','Get-InfisicalCertificateApplicationEnrollment','New-InfisicalScepDynamicChallenge','Get-InfisicalScepMdmProfile','Export-InfisicalScepMdmProfile','Write-InfisicalScepMdmProfileToWmi','Start-InfisicalProcess','Get-InfisicalSANList')
`$expectedCmds = @('Connect-Infisical','Disconnect-Infisical','Get-InfisicalSecret','New-InfisicalSecret','Update-InfisicalSecret','Remove-InfisicalSecret','Copy-InfisicalSecret','ConvertTo-InfisicalSecretDictionary','Export-InfisicalSecrets','Import-InfisicalSecret','Get-InfisicalProject','New-InfisicalProject','Update-InfisicalProject','Remove-InfisicalProject','Get-InfisicalEnvironment','New-InfisicalEnvironment','Update-InfisicalEnvironment','Remove-InfisicalEnvironment','Get-InfisicalFolder','New-InfisicalFolder','Update-InfisicalFolder','Remove-InfisicalFolder','Get-InfisicalTag','New-InfisicalTag','Update-InfisicalTag','Remove-InfisicalTag','Get-InfisicalOrganization','New-InfisicalOrganization','Update-InfisicalOrganization','Remove-InfisicalOrganization','Get-InfisicalSubOrganization','New-InfisicalSubOrganization','Update-InfisicalSubOrganization','Remove-InfisicalSubOrganization','Get-InfisicalCertificateAuthority','Get-InfisicalPkiSubscriber','Get-InfisicalCertificateProfile','Get-InfisicalCertificatePolicy','Get-InfisicalCertificate','Request-InfisicalCertificate','ConvertTo-InfisicalCertificate','Install-InfisicalCertificate','Uninstall-InfisicalCertificate','Export-InfisicalCertificate','Get-InfisicalCertificateApplication','Get-InfisicalCertificateApplicationEnrollment','New-InfisicalScepDynamicChallenge','Get-InfisicalScepMdmProfile','Export-InfisicalScepMdmProfile','Write-InfisicalScepMdmProfileToWmi','Start-InfisicalProcess','Get-InfisicalEnvironmentVariable','Get-InfisicalSANList')
foreach (`$expected in `$expectedCmds) {
if (-not (Get-Command -Name `$expected -Module PSInfisicalAPI -ErrorAction SilentlyContinue)) {
throw "Cmdlet not found: `$expected"
docs/DesignSpec.md → docs/DesignSpec_PSInfisicalAPI.md
+6 -4
View File
@@ -1222,7 +1222,8 @@ Export-InfisicalSecrets `
[-Scope <Process|User|Machine>] `
[-Force] `
[-Encoding <UTF8|UTF8Bom|Unicode>] `
[-Prefix <string>]
[-SecretsPrefix <string>] `
[-ForceSecretsPrefix]
```
## Parameter Rules
@@ -1521,8 +1522,9 @@ Start-InfisicalProcess
[-SecureArgumentList]
[-LogOutput]
[-ContinueOnError]
[-Secret <InfisicalSecret[]>]
[-Prefix <string>]
[-Secrets <InfisicalSecret[]>]
[-SecretsPrefix <string>]
[-ForceSecretsPrefix]
```
Behavior:
@@ -1530,7 +1532,7 @@ Behavior:
```text
Buffer pipeline InfisicalSecret objects in ProcessRecord.
Decrypt secrets only into ProcessStartInfo.Environment.
Apply -Prefix to each secret name before injection.
Apply -SecretsPrefix to each secret name before injection.
Never write secret plaintext to user or machine environment scope.
Honor -WhatIf / -Confirm.
Default -AcceptableExitCodeList = @('0','3010').
src/PSInfisicalAPI/Cmdlets/ConvertToInfisicalSecretDictionaryCmdlet.cs
+14 -1
View File
@@ -2,6 +2,7 @@ using System;
using System.Collections.Generic;
using System.Management.Automation;
using System.Security;
using PSInfisicalAPI.Common;
using PSInfisicalAPI.Errors;
using PSInfisicalAPI.Models;
@@ -21,6 +22,14 @@ namespace PSInfisicalAPI.Cmdlets
[Parameter]
public SwitchParameter AsPlainText { get; set; }
[Parameter]
[Alias("Prefix")]
public string SecretsPrefix { get; set; }
[Parameter]
[Alias("ForcePrefix")]
public SwitchParameter ForceSecretsPrefix { get; set; }
private readonly List<InfisicalSecret> _buffer = new List<InfisicalSecret>();
protected override void ProcessRecord()
@@ -40,14 +49,18 @@ namespace PSInfisicalAPI.Cmdlets
{
try
{
Logger.Information("ConvertTo-InfisicalSecretDictionary", string.Concat("Processing ", _buffer.Count.ToString(System.Globalization.CultureInfo.InvariantCulture), " input secret(s)."));
if (AsPlainText.IsPresent)
{
Dictionary<string, string> plain = BuildDictionary<string>(secret => secret.GetPlainTextValue());
Logger.Information("ConvertTo-InfisicalSecretDictionary", string.Concat("Built plain-text dictionary with ", plain.Count.ToString(System.Globalization.CultureInfo.InvariantCulture), " entry/entries."));
WriteObject(plain);
}
else
{
Dictionary<string, SecureString> secure = BuildDictionary<SecureString>(secret => secret.SecretValue);
Logger.Information("ConvertTo-InfisicalSecretDictionary", string.Concat("Built SecureString dictionary with ", secure.Count.ToString(System.Globalization.CultureInfo.InvariantCulture), " entry/entries."));
WriteObject(secure);
}
}
@@ -63,7 +76,7 @@ namespace PSInfisicalAPI.Cmdlets
foreach (InfisicalSecret secret in _buffer)
{
string key = secret.SecretName ?? string.Empty;
string key = InfisicalPrefix.Apply(secret.SecretName ?? string.Empty, SecretsPrefix, ForceSecretsPrefix.IsPresent);
if (dictionary.ContainsKey(key))
{
src/PSInfisicalAPI/Cmdlets/ExportInfisicalSecretsCmdlet.cs
+12 -4
View File
@@ -3,6 +3,7 @@ using System.Collections.Generic;
using System.IO;
using System.Management.Automation;
using System.Text;
using PSInfisicalAPI.Common;
using PSInfisicalAPI.Errors;
using PSInfisicalAPI.Exports;
using PSInfisicalAPI.Models;
@@ -38,7 +39,12 @@ namespace PSInfisicalAPI.Cmdlets
public InfisicalExportEncoding Encoding { get; set; } = InfisicalExportEncoding.UTF8;
[Parameter]
public string Prefix { get; set; }
[Alias("Prefix")]
public string SecretsPrefix { get; set; }
[Parameter]
[Alias("ForcePrefix")]
public SwitchParameter ForceSecretsPrefix { get; set; }
private readonly List<InfisicalSecret> _buffer = new List<InfisicalSecret>();
@@ -69,9 +75,11 @@ namespace PSInfisicalAPI.Cmdlets
{
}
Logger.Information("Export-InfisicalSecrets", string.Concat("Exporting ", _buffer.Count.ToString(System.Globalization.CultureInfo.InvariantCulture), " secret(s) as ", Format.ToString(), (Path != null ? string.Concat(" to '", Path.FullName, "'") : string.Empty), "."));
InfisicalExportRequest request = new InfisicalExportRequest
{
Secrets = ApplyPrefix(_buffer, Prefix),
Secrets = ApplySecretsPrefix(_buffer, SecretsPrefix, ForceSecretsPrefix.IsPresent),
Format = Format,
Path = Path,
Scope = Scope,
@@ -88,7 +96,7 @@ namespace PSInfisicalAPI.Cmdlets
}
}
private static InfisicalSecret[] ApplyPrefix(List<InfisicalSecret> source, string prefix)
private static InfisicalSecret[] ApplySecretsPrefix(List<InfisicalSecret> source, string prefix, bool force)
{
if (string.IsNullOrEmpty(prefix)) { return source.ToArray(); }
@@ -104,7 +112,7 @@ namespace PSInfisicalAPI.Cmdlets
Environment = original.Environment,
Version = original.Version,
Type = original.Type,
SecretName = string.Concat(prefix, original.SecretName),
SecretName = InfisicalPrefix.Apply(original.SecretName, prefix, force),
SecretValue = original.SecretValue,
SecretValueHidden = original.SecretValueHidden,
SecretPath = original.SecretPath,
src/PSInfisicalAPI/Cmdlets/GetInfisicalCertificateApplicationCmdlet.cs
+1
View File
@@ -46,6 +46,7 @@ namespace PSInfisicalAPI.Cmdlets
}
InfisicalCertificateApplication[] all = client.ListCertificateApplications(connection, ProjectId, Limit, Offset);
Logger.Information("Get-InfisicalCertificateApplication", string.Concat("Returned ", all.Length.ToString(System.Globalization.CultureInfo.InvariantCulture), " certificate application(s)."));
foreach (InfisicalCertificateApplication app in all)
{
WriteObject(app);
src/PSInfisicalAPI/Cmdlets/GetInfisicalCertificateAuthorityCmdlet.cs
+1
View File
@@ -52,6 +52,7 @@ namespace PSInfisicalAPI.Cmdlets
}
}
Logger.Information("Get-InfisicalCertificateAuthority", string.Concat("Returned ", all.Length.ToString(System.Globalization.CultureInfo.InvariantCulture), " certificate authority/authorities (kind=", Kind, ")."));
foreach (InfisicalCertificateAuthority ca in all)
{
WriteObject(ca);
src/PSInfisicalAPI/Cmdlets/GetInfisicalCertificateCmdlet.cs
+2
View File
@@ -129,6 +129,8 @@ namespace PSInfisicalAPI.Cmdlets
query.Offset = (query.Offset ?? 0) + page.Certificates.Length;
}
Logger.Information("Get-InfisicalCertificate", string.Concat("Returned ", emitted.ToString(System.Globalization.CultureInfo.InvariantCulture), " certificate(s)."));
}
catch (Exception exception)
{
src/PSInfisicalAPI/Cmdlets/GetInfisicalCertificatePolicyCmdlet.cs
+1
View File
@@ -39,6 +39,7 @@ namespace PSInfisicalAPI.Cmdlets
}
InfisicalCertificatePolicy[] all = client.ListCertificatePolicies(connection, ProjectId, Limit, Offset);
Logger.Information("Get-InfisicalCertificatePolicy", string.Concat("Returned ", all.Length.ToString(System.Globalization.CultureInfo.InvariantCulture), " certificate policy/policies."));
foreach (InfisicalCertificatePolicy policy in all)
{
WriteObject(policy);
src/PSInfisicalAPI/Cmdlets/GetInfisicalCertificateProfileCmdlet.cs
+1
View File
@@ -42,6 +42,7 @@ namespace PSInfisicalAPI.Cmdlets
bool? includeConfigs = MyInvocation.BoundParameters.ContainsKey("IncludeConfigs") ? (bool?)IncludeConfigs.IsPresent : null;
InfisicalCertificateProfile[] all = client.ListCertificateProfiles(connection, ProjectId, Limit, Offset, includeConfigs);
Logger.Information("Get-InfisicalCertificateProfile", string.Concat("Returned ", all.Length.ToString(System.Globalization.CultureInfo.InvariantCulture), " certificate profile(s)."));
foreach (InfisicalCertificateProfile profile in all)
{
WriteObject(profile);
src/PSInfisicalAPI/Cmdlets/GetInfisicalEnvironmentCmdlet.cs
+1
View File
@@ -35,6 +35,7 @@ namespace PSInfisicalAPI.Cmdlets
}
InfisicalEnvironment[] envs = client.List(connection, ProjectId);
Logger.Information("Get-InfisicalEnvironment", string.Concat("Returned ", envs.Length.ToString(System.Globalization.CultureInfo.InvariantCulture), " environment(s)."));
foreach (InfisicalEnvironment env in envs)
{
WriteObject(env);
src/PSInfisicalAPI/Cmdlets/GetInfisicalEnvironmentVariableCmdlet.cs
+57
View File
@@ -0,0 +1,57 @@
using System;
using System.Management.Automation;
namespace PSInfisicalAPI.Cmdlets
{
[Cmdlet(VerbsCommon.Get, "InfisicalEnvironmentVariable")]
[OutputType(typeof(string))]
public sealed class GetInfisicalEnvironmentVariableCmdlet : InfisicalCmdletBase
{
private const string Component = "Get-InfisicalEnvironmentVariable";
private static readonly EnvironmentVariableTarget[] TargetOrder = new[]
{
EnvironmentVariableTarget.Process,
EnvironmentVariableTarget.User,
EnvironmentVariableTarget.Machine
};
[Parameter(Mandatory = true, Position = 0, ValueFromPipeline = true, ValueFromPipelineByPropertyName = true)]
[ValidateNotNullOrEmpty]
public string Name { get; set; }
[Parameter(Position = 1)]
public EnvironmentVariableTarget? Scope { get; set; }
protected override void ProcessRecord()
{
EnvironmentVariableTarget[] targets = Scope.HasValue ? new[] { Scope.Value } : TargetOrder;
foreach (EnvironmentVariableTarget target in targets)
{
Logger.Verbose(Component, string.Concat("Searching ", target.ToString(), " scope for environment variable '", Name, "'."));
string value;
try
{
value = Environment.GetEnvironmentVariable(Name, target);
}
catch (Exception exception)
{
Logger.Verbose(Component, string.Concat("Failed to read ", target.ToString(), " scope for environment variable '", Name, "': ", exception.Message));
continue;
}
if (!string.IsNullOrEmpty(value))
{
Logger.Information(Component, string.Concat("Found environment variable '", Name, "' in ", target.ToString(), " scope."));
WriteObject(value);
return;
}
}
string scopeDescription = Scope.HasValue ? string.Concat(Scope.Value.ToString(), " scope") : "Process, User, or Machine scope";
Logger.Information(Component, string.Concat("Environment variable '", Name, "' was not found in ", scopeDescription, "."));
}
}
}
src/PSInfisicalAPI/Cmdlets/GetInfisicalFolderCmdlet.cs
+1
View File
@@ -37,6 +37,7 @@ namespace PSInfisicalAPI.Cmdlets
}
InfisicalFolder[] folders = client.List(connection, ProjectId, Environment, Path);
Logger.Information("Get-InfisicalFolder", string.Concat("Returned ", folders.Length.ToString(System.Globalization.CultureInfo.InvariantCulture), " folder(s) from '", Path ?? "/", "'."));
foreach (InfisicalFolder folder in folders)
{
WriteObject(folder);
src/PSInfisicalAPI/Cmdlets/GetInfisicalOrganizationCmdlet.cs
+1
View File
@@ -33,6 +33,7 @@ namespace PSInfisicalAPI.Cmdlets
}
InfisicalOrganization[] organizations = client.List(connection);
Logger.Information("Get-InfisicalOrganization", string.Concat("Returned ", organizations.Length.ToString(System.Globalization.CultureInfo.InvariantCulture), " organization(s)."));
foreach (InfisicalOrganization organization in organizations)
{
WriteObject(organization);
src/PSInfisicalAPI/Cmdlets/GetInfisicalPkiSubscriberCmdlet.cs
+1
View File
@@ -35,6 +35,7 @@ namespace PSInfisicalAPI.Cmdlets
}
InfisicalPkiSubscriber[] all = client.ListPkiSubscribers(connection, ProjectId);
Logger.Information("Get-InfisicalPkiSubscriber", string.Concat("Returned ", all.Length.ToString(System.Globalization.CultureInfo.InvariantCulture), " PKI subscriber(s)."));
foreach (InfisicalPkiSubscriber subscriber in all)
{
WriteObject(subscriber);
src/PSInfisicalAPI/Cmdlets/GetInfisicalProjectCmdlet.cs
+1
View File
@@ -39,6 +39,7 @@ namespace PSInfisicalAPI.Cmdlets
}
InfisicalProject[] projects = client.List(connection, Type, IncludeRoles.IsPresent);
Logger.Information("Get-InfisicalProject", string.Concat("Returned ", projects.Length.ToString(System.Globalization.CultureInfo.InvariantCulture), " project(s)."));
foreach (InfisicalProject project in projects)
{
WriteObject(project);
src/PSInfisicalAPI/Cmdlets/GetInfisicalSecretCmdlet.cs
+7
View File
@@ -1,6 +1,7 @@
using System;
using System.Collections;
using System.Collections.Generic;
using System.Globalization;
using System.Management.Automation;
using PSInfisicalAPI.Connections;
using PSInfisicalAPI.Models;
@@ -57,8 +58,13 @@ namespace PSInfisicalAPI.Cmdlets
InfisicalSecret secret = client.Retrieve(connection, query);
if (secret != null)
{
Logger.Information("Get-InfisicalSecret", string.Concat("Returned 1 secret for '", SecretName, "'."));
WriteObject(secret);
}
else
{
Logger.Information("Get-InfisicalSecret", string.Concat("No secret returned for '", SecretName, "'."));
}
return;
}
@@ -79,6 +85,7 @@ namespace PSInfisicalAPI.Cmdlets
};
InfisicalSecret[] secrets = client.List(connection, listQuery);
Logger.Information("Get-InfisicalSecret", string.Concat("Returned ", secrets.Length.ToString(CultureInfo.InvariantCulture), " secret(s) from '", SecretPath ?? "/", "' (recursive=", Recursive.IsPresent ? "true" : "false", ", includeImports=", IncludeImports.IsPresent ? "true" : "false", ")."));
foreach (InfisicalSecret secret in secrets)
{
WriteObject(secret);
src/PSInfisicalAPI/Cmdlets/GetInfisicalSubOrganizationCmdlet.cs
+1
View File
@@ -45,6 +45,7 @@ namespace PSInfisicalAPI.Cmdlets
bool? isAccessible = MyInvocation.BoundParameters.ContainsKey("IsAccessible") ? (bool?)IsAccessible.IsPresent : null;
InfisicalSubOrganization[] subOrganizations = client.List(connection, Limit, Offset, Search, OrderBy, OrderDirection, isAccessible);
Logger.Information("Get-InfisicalSubOrganization", string.Concat("Returned ", subOrganizations.Length.ToString(System.Globalization.CultureInfo.InvariantCulture), " sub-organization(s)."));
foreach (InfisicalSubOrganization subOrganization in subOrganizations)
{
WriteObject(subOrganization);
src/PSInfisicalAPI/Cmdlets/GetInfisicalTagCmdlet.cs
+1
View File
@@ -35,6 +35,7 @@ namespace PSInfisicalAPI.Cmdlets
}
InfisicalTag[] tags = client.List(connection, ProjectId);
Logger.Information("Get-InfisicalTag", string.Concat("Returned ", tags.Length.ToString(System.Globalization.CultureInfo.InvariantCulture), " tag(s)."));
foreach (InfisicalTag tag in tags)
{
WriteObject(tag);
src/PSInfisicalAPI/Cmdlets/ImportInfisicalSecretCmdlet.cs
+105
View File
@@ -0,0 +1,105 @@
using System;
using System.Collections.Generic;
using System.IO;
using System.Management.Automation;
using System.Security;
using PSInfisicalAPI.Common;
using PSInfisicalAPI.Errors;
using PSInfisicalAPI.Imports;
using PSInfisicalAPI.Models;
using PSInfisicalAPI.Security;
namespace PSInfisicalAPI.Cmdlets
{
[Cmdlet(VerbsData.Import, "InfisicalSecret")]
[OutputType(typeof(Dictionary<string, SecureString>))]
[OutputType(typeof(Dictionary<string, string>))]
public sealed class ImportInfisicalSecretCmdlet : InfisicalCmdletBase
{
[Parameter(Mandatory = true, Position = 0)]
[ValidateNotNull]
public FileInfo Path { get; set; }
[Parameter(Mandatory = true)]
public InfisicalImportFormat Format { get; set; }
[Parameter]
public InfisicalDuplicateKeyBehavior DuplicateKeyBehavior { get; set; } = InfisicalDuplicateKeyBehavior.Error;
[Parameter]
public SwitchParameter AsPlainText { get; set; }
[Parameter]
[Alias("Prefix")]
public string SecretsPrefix { get; set; }
[Parameter]
[Alias("ForcePrefix")]
public SwitchParameter ForceSecretsPrefix { get; set; }
protected override void EndProcessing()
{
try
{
Path.Refresh();
if (!Path.Exists)
{
throw new InfisicalImportException(string.Concat("Import path does not exist: ", Path.FullName));
}
IInfisicalImporter importer = InfisicalImporterFactory.Create(Format);
IList<KeyValuePair<string, string>> pairs = importer.Import(Path);
Logger.Information("Import-InfisicalSecret", string.Concat("Parsed ", pairs.Count.ToString(System.Globalization.CultureInfo.InvariantCulture), " secret pair(s) from '", Path.FullName, "' (format=", Format.ToString(), ")."));
if (AsPlainText.IsPresent)
{
Dictionary<string, string> plain = BuildDictionary<string>(pairs, value => value ?? string.Empty);
Logger.Information("Import-InfisicalSecret", string.Concat("Built plain-text dictionary with ", plain.Count.ToString(System.Globalization.CultureInfo.InvariantCulture), " entry/entries."));
WriteObject(plain);
}
else
{
Dictionary<string, SecureString> secure = BuildDictionary<SecureString>(pairs, value => SecureStringUtility.ToReadOnlySecureString(value ?? string.Empty));
Logger.Information("Import-InfisicalSecret", string.Concat("Built SecureString dictionary with ", secure.Count.ToString(System.Globalization.CultureInfo.InvariantCulture), " entry/entries."));
WriteObject(secure);
}
}
catch (Exception exception)
{
ThrowTerminatingForException("ImportInfisicalSecretCmdlet", "ImportSecret", exception);
}
}
private Dictionary<string, TValue> BuildDictionary<TValue>(
IList<KeyValuePair<string, string>> pairs,
Func<string, TValue> valueSelector)
{
Dictionary<string, TValue> dictionary = new Dictionary<string, TValue>(StringComparer.OrdinalIgnoreCase);
foreach (KeyValuePair<string, string> pair in pairs)
{
if (pair.Key == null) { continue; }
string key = InfisicalPrefix.Apply(pair.Key, SecretsPrefix, ForceSecretsPrefix.IsPresent);
if (dictionary.ContainsKey(key))
{
if (DuplicateKeyBehavior == InfisicalDuplicateKeyBehavior.Error)
{
throw new InfisicalConfigurationException(string.Concat("Duplicate secret name encountered: ", key));
}
if (DuplicateKeyBehavior == InfisicalDuplicateKeyBehavior.LastWins)
{
dictionary[key] = valueSelector(pair.Value);
}
continue;
}
dictionary[key] = valueSelector(pair.Value);
}
return dictionary;
}
}
}
src/PSInfisicalAPI/Cmdlets/NewInfisicalSecretCmdlet.cs
+2
View File
@@ -58,10 +58,12 @@ namespace PSInfisicalAPI.Cmdlets
Secrets = InfisicalBulkSecretConverter.ToCreateItems(Secrets)
};
Logger.Information("New-InfisicalSecret", string.Concat("Bulk-creating ", Secrets.Length.ToString(System.Globalization.CultureInfo.InvariantCulture), " secret(s)."));
InfisicalSecretsClient bulkClient = new InfisicalSecretsClient(HttpClient, Logger);
InfisicalSecret[] created = bulkClient.CreateBatch(connection, bulk);
if (created != null)
{
Logger.Information("New-InfisicalSecret", string.Concat("Server returned ", created.Length.ToString(System.Globalization.CultureInfo.InvariantCulture), " created secret(s)."));
foreach (InfisicalSecret secret in created) { WriteObject(secret); }
}
src/PSInfisicalAPI/Cmdlets/RemoveInfisicalSecretCmdlet.cs
+1
View File
@@ -47,6 +47,7 @@ namespace PSInfisicalAPI.Cmdlets
SecretNames = SecretNames
};
Logger.Information("Remove-InfisicalSecret", string.Concat("Bulk-removing ", SecretNames.Length.ToString(System.Globalization.CultureInfo.InvariantCulture), " secret(s)."));
client.DeleteBatch(connection, bulk);
if (PassThru.IsPresent)
src/PSInfisicalAPI/Cmdlets/StartInfisicalProcessCmdlet.cs
+15 -6
View File
@@ -89,18 +89,23 @@ namespace PSInfisicalAPI.Cmdlets
public SwitchParameter ContinueOnError { get; set; }
[Parameter(ValueFromPipeline = true)]
[Alias("Secrets", "InputObject")]
public InfisicalSecret[] Secret { get; set; }
[Alias("Secret", "InputObject")]
public InfisicalSecret[] Secrets { get; set; }
[Parameter]
public string Prefix { get; set; }
[Alias("Prefix")]
public string SecretsPrefix { get; set; }
[Parameter]
[Alias("ForcePrefix")]
public SwitchParameter ForceSecretsPrefix { get; set; }
private readonly List<InfisicalSecret> _secretBuffer = new List<InfisicalSecret>();
protected override void ProcessRecord()
{
if (Secret == null) { return; }
foreach (InfisicalSecret secret in Secret)
if (Secrets == null) { return; }
foreach (InfisicalSecret secret in Secrets)
{
if (secret != null) { _secretBuffer.Add(secret); }
}
@@ -116,6 +121,9 @@ namespace PSInfisicalAPI.Cmdlets
if (!ShouldProcess(target, "Start process with Infisical secrets")) { return; }
int envVarCount = EnvironmentVariables != null ? EnvironmentVariables.Count : 0;
Logger.Information("Start-InfisicalProcess", string.Concat("Injecting ", _secretBuffer.Count.ToString(System.Globalization.CultureInfo.InvariantCulture), " secret(s) and ", envVarCount.ToString(System.Globalization.CultureInfo.InvariantCulture), " explicit environment variable(s) into process environment."));
InfisicalProcessOptions options = new InfisicalProcessOptions
{
FilePath = FilePath,
@@ -135,7 +143,8 @@ namespace PSInfisicalAPI.Cmdlets
LogOutput = LogOutput.IsPresent,
ContinueOnError = ContinueOnError.IsPresent,
Secrets = _secretBuffer.ToArray(),
Prefix = Prefix
SecretsPrefix = SecretsPrefix,
ForceSecretsPrefix = ForceSecretsPrefix.IsPresent
};
InfisicalProcessResult result = InfisicalProcessRunner.Run(options, Logger);
src/PSInfisicalAPI/Cmdlets/UpdateInfisicalSecretCmdlet.cs
+2
View File
@@ -56,10 +56,12 @@ namespace PSInfisicalAPI.Cmdlets
Secrets = InfisicalBulkSecretConverter.ToUpdateItems(Secrets)
};
Logger.Information("Update-InfisicalSecret", string.Concat("Bulk-updating ", Secrets.Length.ToString(System.Globalization.CultureInfo.InvariantCulture), " secret(s)."));
InfisicalSecretsClient bulkClient = new InfisicalSecretsClient(HttpClient, Logger);
InfisicalSecret[] updated = bulkClient.UpdateBatch(connection, bulk);
if (updated != null)
{
Logger.Information("Update-InfisicalSecret", string.Concat("Server returned ", updated.Length.ToString(System.Globalization.CultureInfo.InvariantCulture), " updated secret(s)."));
foreach (InfisicalSecret secret in updated) { WriteObject(secret); }
}
src/PSInfisicalAPI/Common/InfisicalPrefix.cs
+15
View File
@@ -0,0 +1,15 @@
using System;
namespace PSInfisicalAPI.Common
{
public static class InfisicalPrefix
{
public static string Apply(string original, string prefix, bool force)
{
if (string.IsNullOrEmpty(prefix)) { return original ?? string.Empty; }
if (original == null) { return prefix; }
if (!force && original.StartsWith(prefix, StringComparison.OrdinalIgnoreCase)) { return original; }
return string.Concat(prefix, original);
}
}
}
src/PSInfisicalAPI/Errors/InfisicalException.cs
+7
View File
@@ -75,6 +75,13 @@ namespace PSInfisicalAPI.Errors
public InfisicalExportException(string message, Exception innerException) : base(message, innerException) { }
}
public class InfisicalImportException : InfisicalException
{
public InfisicalImportException() { }
public InfisicalImportException(string message) : base(message) { }
public InfisicalImportException(string message, Exception innerException) : base(message, innerException) { }
}
public class InfisicalConfigurationException : InfisicalException
{
public InfisicalConfigurationException() { }
src/PSInfisicalAPI/Imports/EnvInfisicalImporter.cs
+36
View File
@@ -0,0 +1,36 @@
using System.Collections.Generic;
using System.IO;
using PSInfisicalAPI.Errors;
namespace PSInfisicalAPI.Imports
{
public sealed class EnvInfisicalImporter : IInfisicalImporter
{
public IList<KeyValuePair<string, string>> Import(FileInfo path)
{
if (path == null) { throw new InfisicalImportException("Path is required for ENV import."); }
List<KeyValuePair<string, string>> result = new List<KeyValuePair<string, string>>();
string[] lines = File.ReadAllLines(path.FullName);
foreach (string raw in lines)
{
if (raw == null) { continue; }
string line = raw.Trim();
if (line.Length == 0) { continue; }
if (line[0] == '#') { continue; }
int idx = line.IndexOf('=');
if (idx <= 0) { continue; }
string key = line.Substring(0, idx).Trim();
string value = line.Substring(idx + 1);
if (key.Length == 0) { continue; }
result.Add(new KeyValuePair<string, string>(key, value));
}
return result;
}
}
}
src/PSInfisicalAPI/Imports/IInfisicalImporter.cs
+10
View File
@@ -0,0 +1,10 @@
using System.Collections.Generic;
using System.IO;
namespace PSInfisicalAPI.Imports
{
public interface IInfisicalImporter
{
IList<KeyValuePair<string, string>> Import(FileInfo path);
}
}
src/PSInfisicalAPI/Imports/InfisicalImporterFactory.cs
+20
View File
@@ -0,0 +1,20 @@
using PSInfisicalAPI.Errors;
using PSInfisicalAPI.Models;
namespace PSInfisicalAPI.Imports
{
public static class InfisicalImporterFactory
{
public static IInfisicalImporter Create(InfisicalImportFormat format)
{
switch (format)
{
case InfisicalImportFormat.Json: return new JsonInfisicalImporter();
case InfisicalImportFormat.Yaml: return new YamlInfisicalImporter();
case InfisicalImportFormat.Env: return new EnvInfisicalImporter();
case InfisicalImportFormat.Xml: return new XmlInfisicalImporter();
default: throw new InfisicalImportException(string.Concat("Unsupported import format: ", format.ToString()));
}
}
}
}
src/PSInfisicalAPI/Imports/JsonInfisicalImporter.cs
+53
View File
@@ -0,0 +1,53 @@
using System.Collections.Generic;
using System.IO;
using Newtonsoft.Json.Linq;
using PSInfisicalAPI.Errors;
namespace PSInfisicalAPI.Imports
{
public sealed class JsonInfisicalImporter : IInfisicalImporter
{
public IList<KeyValuePair<string, string>> Import(FileInfo path)
{
if (path == null) { throw new InfisicalImportException("Path is required for JSON import."); }
List<KeyValuePair<string, string>> result = new List<KeyValuePair<string, string>>();
string text = File.ReadAllText(path.FullName);
JToken root = JToken.Parse(text);
if (root.Type == JTokenType.Array)
{
foreach (JToken item in (JArray)root)
{
if (item == null || item.Type != JTokenType.Object) { continue; }
string key = ReadString((JObject)item, "SecretName") ?? ReadString((JObject)item, "secretName");
string value = ReadString((JObject)item, "SecretValue") ?? ReadString((JObject)item, "secretValue");
if (string.IsNullOrEmpty(key)) { continue; }
result.Add(new KeyValuePair<string, string>(key, value ?? string.Empty));
}
}
else if (root.Type == JTokenType.Object)
{
foreach (JProperty prop in ((JObject)root).Properties())
{
if (prop == null || string.IsNullOrEmpty(prop.Name)) { continue; }
string value = prop.Value != null && prop.Value.Type != JTokenType.Null ? prop.Value.ToString() : string.Empty;
result.Add(new KeyValuePair<string, string>(prop.Name, value));
}
}
else
{
throw new InfisicalImportException("JSON import expects an array of secret objects or a flat key/value object.");
}
return result;
}
private static string ReadString(JObject obj, string name)
{
JToken token;
if (!obj.TryGetValue(name, out token) || token == null || token.Type == JTokenType.Null) { return null; }
return token.ToString();
}
}
}
src/PSInfisicalAPI/Imports/XmlInfisicalImporter.cs
+51
View File
@@ -0,0 +1,51 @@
using System.Collections.Generic;
using System.IO;
using System.Xml;
using PSInfisicalAPI.Errors;
namespace PSInfisicalAPI.Imports
{
public sealed class XmlInfisicalImporter : IInfisicalImporter
{
public IList<KeyValuePair<string, string>> Import(FileInfo path)
{
if (path == null) { throw new InfisicalImportException("Path is required for XML import."); }
List<KeyValuePair<string, string>> result = new List<KeyValuePair<string, string>>();
XmlDocument document = new XmlDocument();
document.Load(path.FullName);
XmlNode root = document.DocumentElement;
if (root == null || !string.Equals(root.LocalName, "Secrets", System.StringComparison.Ordinal))
{
throw new InfisicalImportException("XML import expects a root <Secrets> element.");
}
foreach (XmlNode node in root.ChildNodes)
{
if (node == null || node.NodeType != XmlNodeType.Element) { continue; }
if (!string.Equals(node.LocalName, "Secret", System.StringComparison.Ordinal)) { continue; }
string key = ReadChild(node, "SecretName");
string value = ReadChild(node, "SecretValue");
if (string.IsNullOrEmpty(key)) { continue; }
result.Add(new KeyValuePair<string, string>(key, value ?? string.Empty));
}
return result;
}
private static string ReadChild(XmlNode parent, string name)
{
foreach (XmlNode child in parent.ChildNodes)
{
if (child == null || child.NodeType != XmlNodeType.Element) { continue; }
if (string.Equals(child.LocalName, name, System.StringComparison.Ordinal))
{
return child.InnerText;
}
}
return null;
}
}
}
src/PSInfisicalAPI/Imports/YamlInfisicalImporter.cs
+61
View File
@@ -0,0 +1,61 @@
using System.Collections;
using System.Collections.Generic;
using System.IO;
using PSInfisicalAPI.Errors;
using YamlDotNet.Serialization;
namespace PSInfisicalAPI.Imports
{
public sealed class YamlInfisicalImporter : IInfisicalImporter
{
public IList<KeyValuePair<string, string>> Import(FileInfo path)
{
if (path == null) { throw new InfisicalImportException("Path is required for YAML import."); }
List<KeyValuePair<string, string>> result = new List<KeyValuePair<string, string>>();
string text = File.ReadAllText(path.FullName);
IDeserializer deserializer = new DeserializerBuilder().Build();
object root = deserializer.Deserialize<object>(text);
if (root == null) { return result; }
IDictionary rootMap = root as IDictionary;
if (rootMap != null && rootMap.Contains("Secrets"))
{
IList entries = rootMap["Secrets"] as IList;
if (entries != null)
{
foreach (object entry in entries)
{
IDictionary map = entry as IDictionary;
if (map == null) { continue; }
string key = AsString(map["SecretName"]);
string value = AsString(map["SecretValue"]);
if (string.IsNullOrEmpty(key)) { continue; }
result.Add(new KeyValuePair<string, string>(key, value ?? string.Empty));
}
return result;
}
}
if (rootMap != null)
{
foreach (DictionaryEntry kvp in rootMap)
{
string key = AsString(kvp.Key);
if (string.IsNullOrEmpty(key)) { continue; }
result.Add(new KeyValuePair<string, string>(key, AsString(kvp.Value) ?? string.Empty));
}
return result;
}
throw new InfisicalImportException("YAML import expects a 'Secrets' root list or a flat key/value mapping.");
}
private static string AsString(object value)
{
if (value == null) { return null; }
return value.ToString();
}
}
}
src/PSInfisicalAPI/Models/InfisicalImportFormat.cs
+10
View File
@@ -0,0 +1,10 @@
namespace PSInfisicalAPI.Models
{
public enum InfisicalImportFormat
{
Json,
Yaml,
Env,
Xml
}
}
src/PSInfisicalAPI/Process/InfisicalProcessOptions.cs
+2 -1
View File
@@ -25,6 +25,7 @@ namespace PSInfisicalAPI.Process
public bool LogOutput { get; set; }
public bool ContinueOnError { get; set; }
public InfisicalSecret[] Secrets { get; set; }
public string Prefix { get; set; }
public string SecretsPrefix { get; set; }
public bool ForceSecretsPrefix { get; set; }
}
}
src/PSInfisicalAPI/Process/InfisicalProcessRunnerHelpers.cs
+9 -3
View File
@@ -6,6 +6,7 @@ using System.Linq;
using System.Text;
using System.Text.RegularExpressions;
using System.Threading;
using PSInfisicalAPI.Common;
using PSInfisicalAPI.Logging;
using PSInfisicalAPI.Models;
using PSInfisicalAPI.Security;
@@ -23,7 +24,7 @@ namespace PSInfisicalAPI.Process
if (options.EnvironmentVariables != null && options.EnvironmentVariables.Count > 0)
{
Log(logger, string.Concat("Injecting ", options.EnvironmentVariables.Count, " explicit environment variable(s) into the process."));
LogInformation(logger, string.Concat("Injecting ", options.EnvironmentVariables.Count, " explicit environment variable(s) into the process."));
foreach (DictionaryEntry entry in options.EnvironmentVariables)
{
if (entry.Key == null) { continue; }
@@ -35,11 +36,11 @@ namespace PSInfisicalAPI.Process
if (options.Secrets == null || options.Secrets.Length == 0) { return; }
Log(logger, string.Concat("Injecting ", options.Secrets.Length, " Infisical secret(s) into the process environment."));
LogInformation(logger, string.Concat("Injecting ", options.Secrets.Length, " Infisical secret(s) into the process environment."));
foreach (InfisicalSecret secret in options.Secrets)
{
if (secret == null || string.IsNullOrEmpty(secret.SecretName) || secret.SecretValue == null) { continue; }
string name = string.IsNullOrEmpty(options.Prefix) ? secret.SecretName : string.Concat(options.Prefix, secret.SecretName);
string name = InfisicalPrefix.Apply(secret.SecretName, options.SecretsPrefix, options.ForceSecretsPrefix);
SecureStringUtility.UsePlainText(secret.SecretValue, plain =>
{
processEnv[name] = plain;
@@ -192,5 +193,10 @@ namespace PSInfisicalAPI.Process
{
if (logger != null) { logger.Verbose(Component, message); }
}
private static void LogInformation(IInfisicalLogger logger, string message)
{
if (logger != null) { logger.Information(Component, message); }
}
}
}
src/PSInfisicalAPI/Secrets/InfisicalSecretsClient.cs
+62 -2
View File
@@ -75,8 +75,8 @@ namespace PSInfisicalAPI.Secrets
InfisicalSecretListResponseDto dto = _serializer.Deserialize<InfisicalSecretListResponseDto>(response.Body);
response.Clear();
InfisicalSecret[] mapped = InfisicalSecretMapper.MapMany(dto != null ? dto.Secrets : null);
_logger.Information(Component, "Infisical secrets retrieval was successful.");
InfisicalSecret[] mapped = MergeListAndImports(dto);
_logger.Information(Component, string.Concat("Infisical secrets retrieval was successful. Returned ", mapped.Length.ToString(CultureInfo.InvariantCulture), " secret(s)."));
return mapped;
}
catch (Exception)
@@ -465,6 +465,66 @@ namespace PSInfisicalAPI.Secrets
}
}
private InfisicalSecret[] MergeListAndImports(InfisicalSecretListResponseDto dto)
{
if (dto == null) { return Array.Empty<InfisicalSecret>(); }
InfisicalSecret[] local = InfisicalSecretMapper.MapMany(dto.Secrets);
if (dto.Imports == null || dto.Imports.Count == 0)
{
return local;
}
Dictionary<string, InfisicalSecret> merged = new Dictionary<string, InfisicalSecret>(StringComparer.Ordinal);
int importsTotal = 0;
foreach (InfisicalSecretImportDto import in dto.Imports)
{
if (import == null) { continue; }
InfisicalSecret[] importedSecrets = InfisicalSecretMapper.MapMany(import.Secrets);
importsTotal += importedSecrets.Length;
_logger.Information(Component, string.Concat(
"Including ",
importedSecrets.Length.ToString(CultureInfo.InvariantCulture),
" secret(s) from import '",
import.SecretPath ?? string.Empty,
"' (environment='",
import.Environment ?? string.Empty,
"')."));
foreach (InfisicalSecret secret in importedSecrets)
{
if (secret == null || string.IsNullOrEmpty(secret.SecretName)) { continue; }
merged[secret.SecretName] = secret;
}
}
int overrides = 0;
foreach (InfisicalSecret secret in local)
{
if (secret == null || string.IsNullOrEmpty(secret.SecretName)) { continue; }
if (merged.ContainsKey(secret.SecretName)) { overrides++; }
merged[secret.SecretName] = secret;
}
_logger.Information(Component, string.Concat(
"Merged secrets: local=",
local.Length.ToString(CultureInfo.InvariantCulture),
", imports=",
importsTotal.ToString(CultureInfo.InvariantCulture),
", local-overrode-import=",
overrides.ToString(CultureInfo.InvariantCulture),
", final=",
merged.Count.ToString(CultureInfo.InvariantCulture),
"."));
InfisicalSecret[] result = new InfisicalSecret[merged.Count];
merged.Values.CopyTo(result, 0);
return result;
}
private InfisicalHttpResponse SendWithVersionFallback(
InfisicalConnection connection,
string endpointName,